
PCI DSS and your business

In our previous post, we discussed the 12 requirements of PCI DSS. Today, we’ll talk about how these requirements will affect your business.

How does PCI DSS affect your business?

PCI DSS is dramatically changing credit card payment processing. Here are some costs and benefits you should be aware of.

  • Costly Upgrades. The state of your current systems will determine how PCI DSS affects your business. If your systems meet the current requirements, then PCI DSS will not affect your business. However, if your systems do not meet PCI DSS requirements, you may have to upgrade your systems. Speak to your payment processor about the most cost-effective way to become PCI DSS compliant.
  • Safe Harbour Status. One of the main benefits of becoming PCI DSS compliant is that you will attain safe harbour status. Safe harbour status protects you from fines in the event of a security breach. In the unfortunate event that a customer sues you, the court will be more lenient with you if you have safe harbour status. In order to benefit from safe harbour status, all security requirements must be in place.
  • Fines. If your business is not PCI DSS compliant, it may be audited, fined, or sued. In the worst-case scenario, your business may lose the right to process credit cards entirely.

What are the documentation requirements for PCI DSS?

Documentation requirements depend on your business’s volume of credit card payment processing.

PCI DSS and credit card payment processing

The Payment Card Industry Data Security Standard (PCI DSS) is the major regulatory change that you are likely to face this year. We recently provided an overview of PCI DSS. In this article, we’ll discuss it in more detail.

What is PCI DSS?

The PCI Security Standards Council developed PCI DSS to increase data security in credit card payment processing. The PCI DSS applies to all organizations that transmit, process, or store credit card data. Note that while the PCI Security Standards Council developed PCI DSS, the regulations are actually enforced by credit card associations like Visa, MasterCard and American Express.

The PCI DSS has six “control objectives” that include a total of 12 compliance requirements. According to the PCI Security Standards Council, the control objectives are:

Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect Cardholder Data
Requirement 3: Protect stored cardholder data.
Requirement 4: Encrypt transmission of cardholder data across open, public networks.

Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software.
Requirement 6: Develop and maintain secure systems and applications.

Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know.
Requirement 8: Assign a unique ID to each person with computer access.
Requirement 9: Restrict physical …

The payment processing industry is facing considerable changes as it heads into 2010. We’ve already discussed regulatory-driven changes such as PCI DSS, and chip and PIN technology. This article will focus on the consumer-driven changes facing the industry, such as the move to mobile technologies and the entry of Visa Debit in the Canadian marketplace. Stay informed on how industry changes will affect your business by following our blog.

Mobile technology

The move to mobile payment processing devices will have a dramatic impact on the Canadian market.

What is it?

Mobile technology allows payment processing through wireless handheld devices. In the last couple of years, mobile devices have evolved from wireless point-of-sale (POS) terminals into applications for cellular phones and smartphones. While mobile technology has been around for many years, it is starting to have a significant impact on how you do business away from the office.

How does it affect your business?

There are several ways that mobile technology can affect your business. Because it takes the hassle out of wireless processing, you can expect:

  • Increased cash flow.
  • Secure card authorizations.
  • Reduced risk of fraud and chargebacks.

Most important, you will have the freedom to conduct business at your convenience, even if you don’t have a phone line readily available.

Visa Debit is entering the market

Visa Debit is now available in Canada!

What is it?

Visa Debit is like any ordinary debit card. It allows cardholders to pay directly from their bank account. The primary …

The payment processing industry is facing many exciting changes in 2010. These changes are:

  • Regulatory driven, by PCI DSS, and chip and PIN technology
  • Consumer driven, by mobile technology and the entry of Visa Debit.

These changes present new challenges and opportunities for all card-accepting merchants and include:

  • Regulatory-driven changes
  • Consumer-driven changes
  • PCI compliance
  • Chip and PIN technology
  • Mobile technology
  • Visa debit

Over the next few articles, we’ll take a more detailed look at these industry changes. Today, we’ll talk about regulatory-driven changes in the payment processing industry.

Regulatory-driven changes

Payment Card Industry Data Security Standard (PCI DSS)

The biggest regulatory change to impact your business in 2010 is the introduction of the Payment Card Industry Data Security Standard (PCI DSS).

What is PCI DSS?

The PCI DSS is a set of 12 requirements that covers everything from developing a secure network to maintaining an information security policy.

How does PCI DSS affect your business?

First, you may have to change your current systems in order to meet PCI DSS standards. If your current payment processing system is up-to-date, you may only need a slight upgrade. If your system is old, it may be worth getting a new system. Contact your payment processor to determine which option is best for your business.

Second, you must document your security compliance. There are two categories of PCI DSS merchants. The amount of documentation required depends on which category you are in.

  • Lower level merchants have up to

On average, it takes three seconds to process a credit card payment. In this time, several organizations must relay data and funds to each other to authorize and settle a transaction. There are six parties involved in payment processing: the customer, the merchant, the payment processor, the credit card association, the card issuing bank, and the underwriting bank. These parties work together in the payment process.

The parties: who’s involved

  • The customer — In order for any transaction to occur, there must be a customer who wants to pay for a product or service with a credit card.
  • The merchant — The merchant is the business or individual accepting the credit card payment. The merchant must have a system capable of processing credit card transactions.
  • The credit card association — Credit card associations like Visa and MasterCard provide authorization, clearance, and settlement services. Credit card associations partner with the card issuing bank, who provides credit.
  • The card issuing bank — The card issuing bank provides credit and the physical credit card to the customer. The card issuing bank also authorizes or declines the transaction depending on a number of factors, most importantly how much credit is available to that customer.
  • The underwriting bank — The underwriting bank works with the payment processor to provide a merchant account. The underwriting bank takes on some of the chargeback risk of a business, and provides deposits into the merchant’s bank account. The underwriting bank is sometimes referred to as the acquiring bank