Archive for the ‘Debit Card Processing’ Category

PCI FAQs

Thursday, March 11th, 2010

PCI Security is a very hot topic in the credit card processing industry these days. Merchants don’t understand or accept PCI, and are frustrated by the new PCI compliance fees they are seeing on their merchant statements (if you haven’t seen yours yet–look harder). Even worse, several processors and shady merchant services sales people are distorting facts and downright lying in the never-ending quest to steal a merchant account from a competitor in order to make an extra dollar.

Let’s set the record straight once and for all.  If you are a merchant of any kind, any size, any industry, here is a concise listing of everything you MUST know about PCI Security compliance:


What is PCI DSS?

The Payment Card Industry Data Security Standards are requirements designed to minimize theft and misuse of sensitive credit card data at every level of credit card processing.

Who has to Comply?

  • Member Banks – Acquiring Banks and Card Issuing Banks.
  • Merchants – Any merchant who accepts any of the major card brands, including Visa, Mastercard, American Express and Discover.
  • Service Providers – Internet Gateways, Shopping Cart Vendors and Hosting Companies.

What does PCI Compliance mean to my business?

The card associations require that cardholder information be handled and maintained in a secure fashion. ALL merchants are required to meet the PCI compliance guidelines.

What is the difference between compliance and validation?

Compliance is the process of implementing the security controls and policies required by the standard. Validation is the process of proving that you are compliant. PCI compliance requires both functions to be performed.

How often do I have to validate my compliance?

You are required to validate compliance every 12 months.

What if I change my merchant service provider in the next 12 months?

You will receive a Certificate of Compliance once you have completed the required SAQ and, if required, a scan. You can provide that certificate to your new merchant service provider to validate your compliance.

What happens if I am not in compliance?

Failure to comply with these requirements can result in significant fines and the possible cancellation of payment processing capability.

Am I liable if my service provider is breached?

It depends, but it is certainly possible. If you use a third-party service provider to process your credit card transactions, it is your responsibility to ensure they are PCI compliant. If they aren’t and they are breached, you can be held liable as well. There are currently known cases of that happening.

Does PCI compliance apply to non-profit organizations?

Yes, the liability and risks still exist and need to be addressed. In fact, because you are a non-profit organization the effects of a data breach could be even more damaging to your business due to the fines and other possible penalties.

How do I determine the specific requirements that apply to my business?

Compliance requirements vary by method of processing, such as using a stand-alone landline, wireless communications or the internet to process. Simply review the table provided, click on the letter next to the description that best describes your business, and you will be taken directly to the applicable requirements.

What is a Self-Assessment Questionnaire?

The Self-Assessment Questionnaire “SAQ” is a validation tool for merchants and service providers who are not required to do on-site assessments for PCI DSS compliance.

What is cardholder data?

Cardholder data:
  • Primary Account Number (PAN)
  • Cardholder Name
  • Expiration Date

Sensitive Authentication Data:
  • Full magnetic stripe data
  • Card Validation Code/Value
  • Personal Identification Number (PIN)

What can never be stored, even if encrypted?

  • Full magnetic stripe
  • Card Validation Code/Value
  • Personal Identification Number (PIN/PIN block)
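As an added illustration of the two lists above (example code written for this page, not part of the original post or any PCI Council material): a small Python check that audits a stored transaction record, drops and reports any sensitive authentication data (track data, card validation value, PIN) and truncates the PAN to its first six and last four digits, one of the methods the standard accepts for rendering a stored PAN unreadable (the FAQ does not quote that rule). The field names, regular expressions and the sample record are assumptions constructed for the example.

```python
import re

# Sensitive authentication data the FAQ says may never be stored after
# authorization, even encrypted. Field names are assumed for this example.
FORBIDDEN_FIELDS = {"track1", "track2", "cvv", "cvc2", "cid", "pin", "pin_block"}

# Magnetic stripe patterns: Track 1 starts "%B<PAN>^", Track 2 is "<PAN>=<YYMM>...".
TRACK1_RE = re.compile(r"%B\d{13,19}\^")
TRACK2_RE = re.compile(r"\d{13,19}=\d{4}")


def truncate_pan(pan: str) -> str:
    """Keep the first six and last four digits; replace the rest with '*'."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("value does not look like a PAN")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def audit_record(record: dict) -> dict:
    """Return {'record': sanitized copy, 'findings': [...]} for one stored record.

    Forbidden fields and any field containing track data are dropped and
    reported; the PAN is truncated; other cardholder data passes through.
    """
    clean, findings = {}, []
    for key, value in record.items():
        name = key.lower()
        if name in FORBIDDEN_FIELDS:
            findings.append(f"forbidden field stored: {key}")
            continue
        if isinstance(value, str) and (TRACK1_RE.search(value) or TRACK2_RE.search(value)):
            findings.append(f"magnetic stripe data found in field: {key}")
            continue
        clean[key] = truncate_pan(value) if name == "pan" else value
    return {"record": clean, "findings": findings}


# Constructed sample record: a well-known test card number, not a real account.
SAMPLE_RECORD = {
    "pan": "4111111111111111",
    "cardholder_name": "J DOE",
    "expiry": "1225",
    "cvv": "123",
    "memo": ";4111111111111111=12251010000000000?",
}

if __name__ == "__main__":
    print(audit_record(SAMPLE_RECORD))
```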

What are the 12 requirements?

  • Install and maintain a firewall configuration to protect cardholder data.
  • Do not use vendor-supplied defaults for system passwords and other security parameters.
  • Protect stored cardholder data.
  • Encrypt transmission of cardholder data across open, public networks.
  • Use and regularly update anti-virus software.
  • Develop and maintain secure systems and applications.
  • Restrict access to cardholder data by business need-to-know.
  • Assign a unique ID to each person with computer access.
  • Restrict physical access to cardholder data.
  • Track and monitor all access to network resources and cardholder data.
  • Regularly test security systems and processes.
  • Maintain a policy that addresses information security.

What’s the difference between a QSA and an ASV?

A Qualified Security Assessor (QSA) is a firm certified by the PCI Security Standards Council to perform the annual audits required for Level 1 Merchants. An Approved Scanning Vendor (ASV) is certified to perform the quarterly scanning required by all levels. Level 4 Merchants do not require the services of a Qualified Security Assessor.

Are there different ways to satisfy requirement 6.6?

Possibly; depending on your situation, one of the following may satisfy the requirement:

  • Perform a code review of all in-house developed web applications.
  • Run all web application code through automated code analysis tools.
  • Perform a manual penetration test on each web application.
  • Purchase and install an application layer firewall in front of each web server.

How do I find my IP Address?

Consult your network administrator.

How do I know if my IP address is Static or Dynamic?

Consult your network administrator.

What is the difference between a Static IP and a Dynamic IP address?

A static IP address is the number assigned to a computer by an Internet service provider to be its permanent address on the Internet. If you have a static IP, your IP address remains the same every time you log in. Once you have provided JDS with your IP address, your scans will be performed without any action required on your part.

A dynamic IP address is your IP address for only as long as you are logged in for a session on the Internet. Once you disconnect from the Internet, that dynamic IP address goes back into the IP address pool so it can be assigned to another user. Consequently you will rarely, if ever, have the same IP address twice.

Who can I contact if I have any questions about PCI?

Call 1-877-689-1691 or email your questions to amspcs@juno.com. You may also contact us at http://www.merchantservices-help.com/contact.html. We will answer your questions and/or refer you to the proper source as quickly as possible.

What other links should I refer to for additional information and assistance regarding PCI?

http://www.merchantservices-help.com/PCIcompliance.html contains more valuable information on PCI Data Security as well as a direct link to the PCI Security Standards Council page.


iPhone Scam Alert

Tuesday, February 16th, 2010

Dear Friends and Merchants:

Just a quick reminder to those of you who use iPhones and Smartphones–and we know there are many of you out there, judging from the number of you who use your Smartphone devices for mobile credit card processing.

Be aware that there is an on-going ‘phishing’ campaign impersonating Apple.com. The scamsters attempt to trick users into submitting sensitive device information, with the intent to use the data in countless fraudulent variations.

Our thanks to our merchant customer, friend, and service provider, Steve Shelby of Farvision Networks, for passing this tip on to us. Steve does an excellent job of servicing and maintaining our computer equipment and helping us maintain your privacy and the integrity of our database with timely information such as this. If your computer system could benefit from professional expertise such as this, contact Steve at Farvision Networks at 954.272.8267 or visit www.farvision-networks.com.


New Secure Payment Application for Google®’s Android™

Friday, November 6th, 2009

Announcing the first secure mobile payment application for Google®’s Android™ smartphones. This application, available through select distributors including Automated Merchant Solutions, Inc. (amspcs@juno.com), enables Android™-powered mobile phones to become card payment acceptance devices. With T-Mobile® offering the G1™ and myTouch™, Sprint® offering the HTC Hero™ Android™ smartphones, and Verizon Wireless® entering the market, Android is reshaping the mobile phone industry.

This state-of-the-art payment software and gateway solution is supported by all major credit card processors. It allows merchants seamless integration with their existing merchant account provider, enabling back-office systems integration with accounting applications such as QuickBooks. With its touch-screen interface, this application enables merchants to quickly, easily and securely accept credit and debit card transactions at the point of sale anytime, anywhere. The software supports optional hardware such as a Bluetooth printer with integrated card reader, which results in merchants paying the lowest possible ‘swiped’ credit card processing rates. Receipts can also be printed on the spot, while electronic signature capture, available on many processing networks, eliminates the requirement for merchants to retain paper copies of signed receipts.

For details and pricing, email amspcs@juno.com or call 1-877-689-1691.


Pin Pad Sale

Friday, September 18th, 2009

We have a limited number of new PCI compliant Verifone Pin Pad 1000 SE/180 pin pads available at the special introductory price of $89.95, while supplies last. The PCI PED approved PINpad 1000SE is ergonomically designed for ease of use and handling, plus it provides the added versatility of USB or serial connectivity. It’s a simple upgrade solution for merchants with those devices who need to meet the new PCI PED security standard. US customers only, please. Price plus s/h. Encryption not included.

To order: email amspcs@juno.com or call 1-877-689-1691.


Cynergy Data Files for Bankruptcy

Monday, September 7th, 2009

Payments processor Cynergy Data LLC filed for Chapter 11 bankruptcy protection on Tuesday, Sept 1, 2009 and said it has agreed to sell all its assets, according to Reuters News Agency.

Cynergy discovered accounting errors in March 2009 involving misstated revenue and expenses for 2007 and 2008, leading to a substantial drop in earnings, according to an affidavit filed by a representative of the management restructuring firm.

Cynergy said it has about $109.5 million of assets and about $186.2 million of debt. The New York-based company was founded in 1995 and employs nearly 275 people, according to the company’s website. Cynergy served as the primary processing provider for many sales services, including SignaPay LLC.

The case is In re: Cynergy Data LLC, U.S. Bankruptcy Court, District of Delaware (Wilmington), No. 09-13038.
