Performing Staff and Security Functions
As of version 15.3.1, the PCI utility is only available for customers who are using the hosted version of OrthoTrac.
OrthoTrac must be upgraded to version 15.3.1 in order to run the PCI utility. Only an OrthoTrac user with permission to access the Auto Payment Report can run the utility. See Configuring Security for the Auto Payment Report for more information on how to enable access to the Auto Payment Report.
Achieving PCI compliance is important to every customer who accepts credit card payments in their practice. Following the guidelines established by the PCI Security Standards Council (https://www.pcisecuritystandards.org/) helps ensure customer credit card data is protected. Improperly managed credit card data puts your customers and your practice at risk and would lead to significantly higher processing fees. For these reasons, you can no longer store complete credit card numbers in your hosted OrthoTrac software.
We realize that you might need access to this important data to process future auto payments; the utility will require your PCI password and will generate a CSV file for you to print and securely store for future manual payment processing. Take note of the recommendations below, as sensitive data will be generated with this file.
The instructions below detail the steps required for you to export the credit card details currently entered in your system. It is important that you complete these steps to run the PCI utility prior to September 4, 2023.
OrthoTrac hosted customers will be upgraded to version 15.3.1 soon. This version of the software includes the PCI utility.
The PCI utility is only available for customers using the hosted version of OrthoTrac.
Only an authorized user with a PCI password and permissions to access the Auto Payment Report can run the PCI utility. The utility will export a file containing the stored credit card account information to a location on your local machine and delete the credit card details from OrthoTrac.
If your system is not PCI compliant, a warning message is displayed the first time an authorized user logs in for the day, informing the user that the OrthoTrac system is not PCI compliant and that they should run the utility before the specified deadline.
After seven days, the message is displayed to all users after initial log in, until the utility has been run.
To run the PCI utility:
Click Run Utility. The PCI Compliance Password window is displayed.
Type your PCI password in the field and click Enter Password. The PDC Export window is displayed.
Click the ... button. The Browse for Folder window is displayed.
Select a folder on your local PC to store the CSV file that will be created by the utility, and then click OK. The path of the selected folder is shown in the Select Folder on Your Local PC field.
If a folder that is not local is selected, a pop-up message will display instructing the user to select a local folder.
Click Run Utility to start the export process. The export process will take a few seconds. When the export is completed, a success message that includes the path where the CSV file has been exported to is displayed.
Click OK. A pop-up message is displayed to indicate that the process was completed successfully.
Click OK. The system is now PCI compliant. The AutoPayments Table Export.csv file is in the folder you selected.
The PCI Compliance warning message will no longer be displayed when you log in.
Carestream Dental recommends the following:
Be sure to secure this auto payment data file – it will contain credit card information that needs to be protected, and it is your responsibility to protect it.
After you download the CSV file, you can print it and secure the file in a safe location, should you need to continue to process manual auto payments.
We recommend that you do not permanently save the CSV file to your hard drive but print it and secure it in a locked cabinet if you need to use this data in the future.
After you print this file and secure it, delete the file permanently from your computer.
Consult with your credit card processing service for additional details on PCI compliance and how it affects your practice. You can also find more information about PCI compliance and the current standards at https://www.pcisecuritystandards.org/.