Galileo prioritizes security by masking all PCI-sensitive data, which are the PAN, expiry date, CVV, PIN, and SSN across all Program API responses, Event API messages, and RDFs. However, you can set provider-level parameters to control how Program API endpoints return the data. Keep in mind that enabling these parameters unmasks PCI-sensitive data for all endpoints. Galileo can separately configure your preferences for PCI data in the events and RDFs.
To become PCI compliant you must submit an Attestation of Compliance (AOC), which is a self-assessment questionnaire that measures an organization's conformity to Payment Card Industry Data Security Standards (PCI-DSS). Contact Galileo for more information on the different levels of PCI compliance and how you can fulfill the requirements.