PCI DSS
Payment Card Industry Data Security
Data security issues continue to become more prevalent and capture news headlines. It is important that merchants implement proper safeguards to prevent fraud. The primary threat is your POS system being connected to the internet and to the rest of your network environment.
Important PCI Update
Effective January 1, 2008, Phase 1 of the Visa Payment Application Mandates stipulates that no merchant may be boarded that uses a payment application identified as storing vulnerable data. The Payment Card Industry Data Security Standard (PCI DSS) prohibits the storage of the full contents of any magnetic stripe, CVV2 or PIN data. Merchants are at high risk of being compromised if they use payment applications that store prohibited data or have security weaknesses.
Resources
Vantage has launched a series of online security training courses. We strongly encourage you to use the information, tools and resources available. Education and due diligence are the keys to protecting your business.
PCI Compliance course brochure
Assess your Vulnerabilities course brochure
Review the following Reference Tools for security audit procedures, self-assessment questionnaires, a list of validated payment applications and more…
The best place to start is to check your POS software version number against the certified payment application list available at www.visa.com/pabp, where you will find a list of validated payment applications (make sure your POS is on the list) and best practices. We also recommend you review these PDF documents:
Visa Merchant Security Guide
Visa_Keep_Data_Security_on_the_menu
The Payment Card Industry (PCI) Data Security Standard
Tackling PCI
The primary threat has to do with your POS system and network environment. You can upgrade your POS software version and firewall and then constantly monitor your IT network. But this is not your only option. An inexpensive alternative is to process your card payments using a credit card terminal not tied to your POS. Stand-alone credit card terminals are PCI compliant and are not exposed to a hacker who compromises your POS network. These units are small, have built-in thermal printers and offer high-speed IP connections with dial backup. You can even tie multiple units together without a network for a single batch settlement. Separating the payment technology from the rest of your POS functionality offers a low-tech way of meeting pressing security concerns. All it takes is to reconcile the POS sales report with your card terminal's batch report, which, unlike IT, is a skill set that most of us have. By separating the payment component from your POS, you avoid the threat of hackers compromising card data through your POS network, as well as costly upgrades to your POS and the ongoing validation procedures and security scans needed to ensure your POS system, firewall and network are secure.
Payment Application Best Practices
- Get a certification letter from your POS vendor that your specific payment application version is PCI compliant for your records
- Process your card payments using a credit card terminal not tied to your POS
- For Level 4 merchants, complete the recommended security audit procedures, a self-assessment questionnaire and a system scan, and make sure your payment application is on the list of validated payment applications.
- Don't store it if you don't need it… and avoid fines, lawsuits and bad press. If you do store it, take steps to protect your customers' data so that you meet data security compliance standards.
- Skimming fraud can be addressed with new Pay at the Table solutions.
ALERT! Payment applications storing full magnetic-stripe data
Is your business complying with the Payment Card Industry Data Security Standard (PCI DSS) which prohibits the storage of the full contents of any magnetic-stripe, CVV2 or PIN data? Storage of this type of data is in violation of the Payment Card Industry Data Security Standard (PCI DSS) and the Visa U.S.A. Inc. Operating Regulations.
Restaurants are at high risk of being compromised if they use payment applications that store prohibited data or have security weaknesses.
Approximately 62% of known compromises last year involved a restaurant, with nearly all compromises involving data that should not be stored by merchants. This is the largest percentage of incidents among merchant groups. The National Restaurant Association is starting to hear from restaurants that thought they did what they were told but are now being penalized.
It is critical that you ensure that you do not use payment applications known to retain prohibited data elements and that you take corrective action to address any identified deficiencies because these applications are at risk of being compromised.
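One way to check for the deficiency described above is to look through the files a payment application writes (transaction logs, database exports, debug output) for the data elements PCI DSS says must not be retained after authorization: full track 1 or track 2 magnetic-stripe contents and CVV2 values. The scanner below is an added example, not code from Vantage or from any of the documents linked on this page. It matches the standard track formats, applies the Luhn check to cut down false positives, and reports only a masked card number (first six and last four digits). The log lines it scans are constructed sample data using well-known test card numbers, not records from any real system.

```python
import re
from dataclasses import dataclass

# Data elements PCI DSS prohibits storing after authorization:
#   track 2: ";PAN=YYMM<service code><discretionary data>?"
#   track 1: "%B<PAN>^<NAME>^YYMM<service code><discretionary data>?"
#   CVV2/CVC2/CID written next to a recognizable field name.
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{4})\d*\?")
TRACK1_RE = re.compile(r"%B(\d{13,19})\^[^\^]{2,26}\^(\d{4})[^?]*\?")
CVV2_RE = re.compile(r"\b(?:cvv2?|cvc2?|cid)\b\s*[:=]\s*(\d{3,4})", re.IGNORECASE)


def luhn_ok(pan: str) -> bool:
    """Luhn check so that random digit runs in the track format are not reported."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep first six and last four digits, the display form PCI DSS permits."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


@dataclass(frozen=True)
class Finding:
    line_no: int
    element: str      # "track1", "track2" or "cvv2"
    masked_pan: str   # empty for CVV2 hits; the value itself is never reported


def scan_lines(lines):
    """Return a Finding for every prohibited data element found in the lines."""
    findings = []
    for n, line in enumerate(lines, 1):
        for m in TRACK2_RE.finditer(line):
            if luhn_ok(m.group(1)):
                findings.append(Finding(n, "track2", mask(m.group(1))))
        for m in TRACK1_RE.finditer(line):
            if luhn_ok(m.group(1)):
                findings.append(Finding(n, "track1", mask(m.group(1))))
        for m in CVV2_RE.finditer(line):
            findings.append(Finding(n, "cvv2", ""))
    return findings


def has_prohibited_storage(lines) -> bool:
    return bool(scan_lines(lines))


# Constructed sample log (test card numbers only). Line 1 stores a masked PAN,
# which is allowed; lines 2-4 show the prohibited elements a scan should flag.
SAMPLE_LOG = [
    "2008-01-15 12:01:03 auth ok amount=42.10 pan=411111******1111 auth=123456",
    "2008-01-15 12:02:11 raw swipe: ;4111111111111111=09121011234567890?",
    "2008-01-15 12:02:11 raw swipe: %B5555555555554444^DOE/JANE^0912101?",
    "2008-01-15 12:03:40 manual entry cvv2=123 amount=19.99",
    "2008-01-15 12:04:02 settle batch=17 count=3 total=62.09",
]

if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.element} stored {f.masked_pan}")
```

Run it against your own application's log directory or a database export and a single hit is enough to show the application retains prohibited data and that your POS vendor must be asked for a compliant version. The scan reports which element and which line, never the full card number or the CVV2 value, so its own output does not create a new copy of the data.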
Fighting fraud is an ongoing battle. Are you at risk?