RightFax & Fax Encryption for PCI Fax Compliance

PCI DSS compliance is a crucial part of enterprise-wide information security for many organizations. While fax transmission is inherently secure, faxed documents need further security measures once they're at rest on a server. The RightFax Encryption Module delivers advanced encryption to protect faxed data and support compliance with PCI DSS, as well as statutes like HIPAA, Sarbanes-Oxley, and Gramm-Leach-Bliley.

PCI Compliance with the RightFax Encryption Module

RightFax’s Encryption Module applies 192-bit Triple DES encryption to every stored fax, ensuring that sensitive cardholder data remains protected. By encrypting, decrypting, and re-encrypting fax images with three digital keys, this module provides robust security while maintaining seamless fax operations.

Beyond securing stored faxes, the module also enhances audit readiness by blocking unauthorized access and logging all legitimate access attempts—critical for demonstrating compliance.

PCI DSS Fax Security Requirements

Fax security is implicit throughout the PCI DSS standards and is explicitly mentioned in two places:

  • “The display of full PAN [primary account numbers] on items such as computer screens, payment card receipts, faxes [emphasis added], or paper reports can result in this data being obtained by unauthorized individuals and used fraudulently.” (§3.3, Guidance)

PANs are often truncated for security purposes (e.g., to *2468), but full numbers are still required for processing or other purposes. The best approach is usually to restrict fax (and other media) access to authorized parties. RightFax's nuanced security options make this level of access control both straightforward and highly reliable.

  • “Verify that procedures for protecting cardholder data include controls for physically securing all media (including but not limited to computers, removable electronic media, paper receipts, paper reports, and faxes [emphasis added]).” (§9.5, Testing Procedures)

The ease of leaving a printed fax in plain sight has made these devices the bane of many compliance departments. That’s why the best way to “physically secure” a fax machine is to remove it!


With years of experience in healthcare, financial services, and other highly regulated industries, we look forward to helping you meet and exceed your regulatory objectives. To minimize your legal risks and maximize the ease of PCI DSS fax compliance, contact Paperless Productivity® today.
