Information regarding various Point of Sale security mandates

Datacap Systems' PABP-Validated Integrated Payment Solutions

Embedded Systems: DialTran™, IPTran™, TwinTran™
PC-Based Systems: NETePay™, DIALePay™

PCI DSS
Payment Card Industry Data Security Standard -- PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data. To be PCI compliant, end users must not only use compliant software and hardware, but must also follow all data storage regulations laid out in PCI DSS version 1.1.

PABP
Payment Applications Best Practices -- The PABP applies to software vendors who develop payment applications that store, process, or transmit cardholder data as part of authorization or settlement. The PABP is a Visa-mandated set of requirements for software applications that is being replaced by the new industry standard, PA-DSS (Payment Applications Data Security Standard). Software certified under these guidelines will be grandfathered under the new PA-DSS for at least two years before having to go through an additional software audit to determine if changes are necessary.

PA-DSS
Payment Applications Data Security Standard -- PA-DSS is the Council-managed program that was formerly under Visa Inc. supervision as the Payment Application Best Practices (PABP) program. The goal of PA-DSS is to help software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, CVV2 or PIN data, and to ensure that their payment applications support compliance with the PCI DSS. Payment applications that are sold, distributed or licensed to third parties are subject to the PA-DSS requirements.

PABP Validated Payment Applications (As of October 15, 2008)

Why does PCI Compliance matter to You?

End Users
Your business may be subject to substantial fines should your Point of Sale system be breached, resulting in compromised cardholder information. Using PABP/PA-DSS compliant software and hardware and following PCI compliance guidelines will help to reduce this risk. Contact your POS Dealer to confirm that your system is compliant or to request an upgrade.

POS Resellers
Credit Card Processors are now sending letters to your merchants requiring them to update to a PCI compliant POS System. As of October 1, 2008, these Processors will no longer board merchants who are not using PABP validated POS systems/payment solutions. This means that, as a POS system reseller, you must be prepared with a fully PABP/PA-DSS compliant solution for your customer base.

ISOs/Acquirers
Upcoming Visa-mandated deadlines (listed below) require that you board only level 3 and level 4 merchants that are PCI compliant or utilize PABP-compliant applications. Acquirers must work in conjunction with the customer's POS dealer to ensure that the merchant is using a compliant system and is following PCI DSS guidelines.

PCI DSS/PABP Deadlines

October 1, 2008 -- Phase III
Credit Card Processors and Bank Card Acquirers must only board level 3 and level 4 merchants that are PCI DSS compliant or utilize PABP-compliant applications. Now that this deadline has passed, Acquirers are turning away new merchants not using software listed as PABP/PA-DSS compliant.

October 1, 2009 -- Phase IV
VNPs and agents must decertify all known vulnerable payment applications, including those published on Visa's list of vulnerable payment applications. As future vulnerable payment applications are identified, VNPs and agents must decertify these within 12 months.

July 1, 2010 -- Phase V
Credit Card Processors and Bank Card Acquirers must ensure their merchants and agents use only PABP-compliant applications. This final phase mandates the use of payment applications that support PCI DSS compliance, requiring acquirers, merchants and agents to use only those payment applications that can be validated as PABP-compliant.

Are you a POS Software Developer? Leave the Burden of Storing Cardholder Data to Datacap and Breeze through your PA-DSS Audit without worry!

"Cruise through your PA-DSS Compliance Audit by leaving all cardholder data storage and encryption to Datacap's NETePay and DIALePay software! Our software will provide your system with a unique "token" assigned to each transaction that can be pulled back for tip adjustments and voids. This process removes all Card Holder Info from your POS System. Simplify your software and leave the hassles of Cardholder Data Encryption to Datacap!"

Do you have a question that isn't answered here?
Contact your Datacap representative today.
(215) 997-8989 or datacap@dcap.com