Browsing Tag » compliance

Merchants accepting credit cards in today’s fast-moving business environment should be aware of the Payment Card Industry Data Security Standard (PCI DSS), a recent regulatory change that significantly affects the way credit card payments are processed. Many businesses are unaware that storing and handling sensitive credit card account data improperly can lead to large fines, corporate embarrassment and lost sales. In a worst-case scenario, merchants may be unable to process transactions in the future. All businesses that process transactions are subject to these new regulatory standards, regardless of their size, industry, or processing history.

PCI DSS is a regulatory requirement that aims to increase credit card data security in payment processing. Becoming PCI DSS compliant can be difficult and complicated, and the standard applies to all companies that transmit, process, or store credit card account data. Even companies that do not intentionally store credit card data, or that use professional POS systems, are often unaware of the risks associated with a non-PCI compliant system. You can reduce the present risks by working with a payment processor who understands PCI compliance and who can help you upgrade your payment system to meet today’s standards.

A real-life example

PCI DSS compliance is complicated enough that even one of B.C.’s largest companies struggled with it; a recent Globe and Mail article reported that B.C. Ferries discovered that it has “glaring deficiencies in the way in which the company is protecting sensitive customer credit card information.” Most notably, B.C. Ferries… Read more

Chip and PIN technology is one of the most significant industry changes your business will face this year. Recently released in the Canadian market, this technology has been adopted by many merchants across the country.

What is chip and PIN technology?

Chip and PIN technology is a way of authenticating a cardholder’s identity. An embedded microchip contains the customer’s information, and a four-digit PIN is used to verify the customer’s identity. In order for the transaction to be approved, the PIN must match the information stored on the card.

Chip and PIN card systems are based on the EMV standard, developed by EMVCo LLC, whose founding members included Europay, MasterCard and Visa. These standards enforce the use of certified EMV compliant POS terminals. EMVCo LLC defines chip card and chip-reading terminal requirements by auditing and certifying merchants for EMV compliance.

How does chip and PIN technology affect your business?

Chip and PIN technology will affect your business in several major ways. It will:

• Require EMV compliant software and hardware.
• Increase transaction speeds.
• Increase customer confidence.
• Decrease fraudulent chargebacks.

Software and hardware

Some merchants are frustrated to discover that recently purchased POS terminals are not EMV compliant. Check your existing contract to see if you are EMV compliant. If you are not, determine whether you can upgrade to EMV compliant POS terminals without breaking your contract.

Speed

Chip and PIN technology speeds up… Read more

PCI DSS and your business

In our previous post, we discussed the 12 requirements of PCI DSS. Today, we’ll talk about how these requirements will affect your business.

How does PCI DSS affect your business?

PCI DSS is dramatically changing credit card payment processing. Here are some costs and benefits you should be aware of.

  • Costly Upgrades. The state of your current systems will determine how PCI DSS affects your business. If your systems meet the current requirements, then PCI DSS will not affect your business. However, if your systems do not meet PCI DSS requirements, you may have to upgrade your systems. Speak to your payment processor about the most cost-effective way to become PCI DSS compliant.
  • Safe Harbour Status. One of the main benefits of becoming PCI DSS compliant is that you will attain safe harbour status. Safe harbour status protects you from fines in the event of a security breach. In the unfortunate event that a customer sues you, the court will be more lenient with you if you have safe harbour status. In order to benefit from safe harbour status, all security requirements must be in place.
  • Fines. If your business is not PCI DSS compliant, it may be audited, fined, or sued. In the worst-case scenario, your business may lose the right to process credit cards entirely.

What are the documentation requirements for PCI DSS?

Documentation requirements depend on your business’s… Read more

PCI DSS and credit card payment processing

The Payment Card Industry Data Security Standard (PCI DSS) is the major regulatory change that you are likely to face this year. We recently provided an overview of PCI DSS. In this article, we’ll discuss it in more detail.

What is PCI DSS?

The PCI Security Standards Council developed PCI DSS to increase data security in credit card payment processing. The PCI DSS applies to all organizations that transmit, process, or store credit card data. Note that while the PCI Security Standards Council developed PCI DSS, the regulations are actually enforced by credit card associations like Visa, MasterCard and American Express.

The PCI DSS has six “control objectives” that include a total of 12 compliance requirements. According to the PCI Security Standards Council, the control objectives are:

Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect Cardholder Data
Requirement 3: Protect stored cardholder data.
Requirement 4: Encrypt transmission of cardholder data across open, public networks.

Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software.
Requirement 6: Develop and maintain secure systems and applications.

Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know.
Requirement 8: Assign a unique… Read more