Using InterFAX for PCI-DSS-compliant content

Some users, such as financial service companies and hotel reservation centers, need to send confidential financial data in their faxes such as credit card data. These users must remain PCI compliant due to their own compliance requirements, and as such all of their providers, such as InterFAX, must be PCI compliant as well. Read more about PCI compliance – here.

In anticipation of such requirements InterFAX has implemented several high security systems and protocols. If you wish to use our PCI compliant service, we suggest that you complete the following steps:

Initially, please Contact Us, to request the conversion of your Account, Users and Services from the regular InterFAX service to the InterFAX PCI service, InterFAX will then:

  • Set any outbound services to be PCI compliant (this is a configuration change done on the InterFAX side).
  • Close any inbound services and reopen them as PCI compliant services.
  • The “Delete after completion” option for sending faxes in InterFAX (which deletes the contents of the outbound fax once processing of the content is completed) will be enabled automatically and cannot be disabled.

For the outbound service, you may use our PCI compliant API’s – InterFAX offers both SOAP and REST API’s which are PCI compliant:

  • Our SOAP endpoint is https://ws-sl.fax.tc (you will note that this is a different API endpoint than our regular web service). You can find the documentation for the SOAP PCI outbound web service here.
  • Our REST endpoint is https://rest-sl.interfax.net (you will note that this is a different API endpoint than our regular web service). You can find the documentation for the REST PCI outbound web service here.

For the inbound service there is no change in API endpoints, the changes are internal to InterFAX.

Please also do the following;

  • Copy the InterFAX PCI-DSS compliance statement to your records, which is available here.
  • Ensure that, if you are storing fax records (outbound or inbound) which contain PCI protected data, that your system is also PCI compliant (please note that you can store, order and tag inbound faxes in InterFAX indefinitely, as well as archive them for storage).