Tag Archives: PCI Compliance Initiative

What is PCI Compliance and Why is it Important?

If you accept credit cards, you must understand and implement PCI compliance – it is required by all merchant services providers. The good news is that it’s not as hard as you think to comply, and there is plenty of support available to help you.

What is PCI Compliance?

Payment Card Industry Compliance (PCI) is a set of regulations that ensure all businesses are transmitting, processing, and storing payment information in a way that’s safe and secure for consumers. The regulations lower the risk of a data breach and identity theft, and ensure overall safety for both consumers and businesses.

There are 12 total requirements businesses must meet to be ‘compliant.’ Some regulations pertain to the equipment you use, such as building a secure network and ensuring its ongoing safety, while others cover the practices that determine who has access to the data and how.

PCI compliance also affects financial institutions and payment processors – anyone involved in payment processing must be compliant to ensure the safety of the transactions.

Why is PCI Compliance Important?

First, PCI compliance isn’t optional – it’s the law. If you don’t follow it, you can’t accept credit cards. Businesses that aren’t compliant are at risk of not only data breaches, but a reputation of not being secure. Word gets around fast when there’s a data breach and it takes a long time to build that reputation and/or level of trust up again.

Today, it’s not only public opinion that gets involved, but the government steps in too. The risk of terrorism is high and the need to know what’s going on in all aspects of data transmission is a key factor.

How to Make Sure You’re PCI Compliant

You could handle PCI compliance yourself, but it’s time-consuming, confusing, and stressful. Instead, it’s best to work with a payment processor who handles it for you. Rather than navigating uncharted waters yourself, you can have support and education to learn what’s involved and what steps you need to take, and the processor can even do most of the heavy work for you.

Part of compliance does fall on your shoulders, though. You must make sure your staff is on board and understands the rules and regulations. You must also take control and know what risks you’re putting your company and your customers’ information under, as there’s always a risk anytime information gets transmitted.

When you can promise your customers that you have PCI compliance under control, not only will it help build up your reputation, but it helps increase sales too. Customers are loyal to businesses that do more than provide the goods or services they need. They are loyal to a business that they know will protect their information, watch out for their wellbeing, and provide all-around good customer service.

If you haven’t given PCI compliance a thought lately – it’s time to figure out how to put the proper steps in place. Your business and your customers are relying on you to do so.

Terminal Retirements

Following up on our recent blog about the terminal of the future, the VX 520, today we’re going to let the other shoe drop. With the payment processing industry thrusting its spotlight onto security in the wake of the Target Data Breach, the PCI DSS and its upgraded protocols are getting a lot of attention.

Host Merchant Services has been ahead of the curve on PCI compliance, having instituted a PCI Compliance Initiative years ago. But the Payment Card Industry Security Standards Council is in a continuous state of refining its security requirements and best practices, so we here at HMS have to remain agile and adept at navigating these changes.

EMV smart cards, a topic we’ve discussed in depth here, are prompting PCI DSS to reorganize large swaths of its standards, and as a result, retire various terminals. As more and more POS hardware adapts to support EMV chip cards and end-to-end encryption, manufacturers and software developers will have to put their older equipment out to pasture. With the release of EMV/Contactless terminal applications, many of the legacy terminal devices/applications do not have the memory capacity required to support the association mandates. As a result, TSYS has provided a preliminary end of life schedule for credit card terminal applications that will be fully retired.

This is something the PCI DSS has been preparing for, and as such they have a schedule implemented for the retirement of older equipment. Coming up next is the VX 510 Terminal and its VDID300 Application, scheduled for retirement on June 3, 2014. The VX 510 and VX 570 and the VXGFT02 Application will also be retired that day.

Prior to this date, Host Merchant Services has terminal upgrades available for our merchants. While we will continue to honor merchant boarding for these devices until the effective end of life date, once that occurs these devices/applications will no longer be an option available within our internal systems and downloads will no longer be available for terminal updates, swaps or technical support. So upgrading should be a priority, and Host Merchant Services will make the process seamless and trouble-free.