PCI Premium Customer Document

Moxie offers Payment Card Industry (PCI) compliant instances of the following Moxie application services: Chat and Email (including Concierge versions).

Your contracted deployment includes a PCI Premium environment for one or more of the above services.  These guidelines lay out the requirements for your use of the PCI Premium services.

The term “you” in these guidelines means your company and any employees, contractors, agents, affiliates or other parties who are administering or using the Moxie application services.

PCI Premium Service Requirements:

  • Although the applications are compliant with PCI, you may not use them to store unmasked credit card numbers, credit card expiration dates or credit card AVS, CVV, CCV or CVV2 numbers (collectively, “credit card information”);
  • If you are planning to accept credit card information via chat, you must only use Moxie’s credit card data capture form to request and accept the information;
  • You must not use the chat service to send credit card information to website visitors or third parties (i.e. credit card information transmissions will only be inbound from individuals you chat with);
  • You must enable, maintain and use Moxie supplied chat transcript masking rules for standard credit card formats in addition to Moxie’s credit card data capture form format to mask accidental transmissions;
  • You must not email chat session transcripts containing credit card information or enable features that allow emailing chat session transcripts containing credit card information;
  • You may not request credit cards information via email;
  • You must not send credit card data email;
  • You must enable, maintain and use email rules for masking credit card data to avoid accidental transmissions;
  • You must not add credit card data to any notes field or via Moxie’s agent to agent instant messenger capability;
  • You must not modify, reduce or interfere with any encryption settings;
  • Your implementation may not utilize:
    • Integrations with SMS (texting) services;
    • Facebook Messenger integration; or
    • Integrations with other third-party communication platforms;
  • If you become aware of or suspect any unmasked credit card information is being stored in an application, you must immediately notify Moxie in writing and work with us to remove the unmasked information from the application’s database;
  • You will comply with such other reasonable requirements and service configurations as Moxie may publish from time to time in the relevant documentation, on our support portal or otherwise convey to you; and
  • You will retain chat and email application data in the application database no longer than for the maximum retention period set forth in your contract with Moxie.

Additional terms governing your use of the PCI applications are set forth in your contracts with Moxie and in Moxie documentation and support materials.  Moxie may update these terms from time to time.

Moxie’s support and professional services are available to assist with configuration of the above items. Charges may apply for some professional services assistance.

Please complete the following information to confirm your review of this information: