POS•IM and PCI Compliance

What is PCI?


The PCI DSS (Payment Card Industry Data Security Standard) was developed by a council made up of the major payment brands with the intention of increasing the security of credit card data. The standard is a set of 12 technical and operational requirements you must follow to be compliant. The standards have been in place for a few years now, but the deadlines for merchants vary based on your processing level. Large merchants have had to follow PCI requirements for over a year. Small merchants still have some time to work on becoming PCI compliant. Brand new merchants must be compliant at the time of account setup.


The council's main objective was to eliminate the possibility of someone fraudulently obtaining your customers' credit card information. By following the PCI requirements you limit the chance that someone will be able to access your sensitive data. Merchants whose data is compromised face fines, fees, and possibly the loss of their right to process credit cards.


For more information call POS•IM Credit Card Processing - (800) 553-9314

Does it apply to me?


PCI DSS applies to all entities that store, process, and/or transmit cardholder data. Basically, if you accept credit cards, it applies to you.


There are different levels of merchants, and each level has different requirements. The compliance deadlines for each of these levels also vary. You can see those levels and deadlines here. The majority of POS•IM users will fall into level 4. However, a level 4 merchant who is signing up for a new merchant account must use a PABP compliant solution now. Level 4 merchants with existing accounts have a later deadline. Check the CISP Bulletin that Visa issued here for more information on deadlines.


The new POS•IM Charge software has been certified as PABP (now known as PA-DSS) compliant by Security Metrics. It is listed on Visa's web site as a Validated Payment Application in a document you can also find here.


PCI applies to you whether you are using a Point of Sale software solution to process credit cards, or a separate credit card terminal that sits on the counter.


How Can POS•IM Help?


PA-DSS is a standard for software developers and applies to the methods used for storing, transmitting, and processing credit card information. POS•IM has been certified as PABP compliant. PABP was the original standard and has since been replaced by PA-DSS. We are grandfathered under PABP compliance to qualify for PA-DSS as well.


Using a PABP-validated application helps the end user become PCI compliant, because the software has been tested for vulnerabilities by a Payment Application Qualified Security Assessor (PA-QSA). Card brands (Visa, MasterCard, Discover, AMEX, etc.) encourage you to use a PA-DSS solution because these applications have been tested and lessen your risk of data theft.


POS•IM Charge is also programmed to either STORE or NOT STORE credit card data. You get to choose whether or not you want to have the data stored. If you choose not to store credit card data you will lessen the number of PCI requirements you must fulfill.


Keep in mind that while POS•IM Charge will help you cover some of the PCI requirements, it alone will not make you PCI compliant. But it is a good starting point, and depending on your acquirer (the company that boards your merchant account) and the PCI deadlines, it may also be a necessary one.


FAQ


1. You are listed on Visa's web site, but why aren't you listed on the PCI Security Standards Council's page of validated payment applications?


We spent A LOT of money creating POS•IM Charge so our users would have a PCI compatible solution. The PCI Security Standards page requires a membership (that was not included with our certification) and is expensive. We are charging a nominal upgrade fee for POS•IM Charge, but it will never return even close to what we spent creating it. We couldn't justify the expense for the membership with the money lost creating POS•IM Charge for our users. You can see the certificate on our web site, and that's good enough for us!


2. Should I choose to store or not to store credit card data?


You have the ability to store credit card data securely in POS•IM Charge, but you also take on the PCI responsibilities that come with storing credit card data. If you are ever faced with a "Self Assessment Questionnaire" (SAQ) from your acquirer (the company that allows you to process credit cards), you will understand why the option exists. If you are storing credit card data, you will use SAQ D, which requires that all PCI steps be met. If you are NOT storing credit card data, you will use SAQ C, which has fewer requirements.


We provide both options. You can choose what works best in your situation.
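As an added illustration of the "do not store" choice described above and in the "How Can POS•IM Help?" section (this is example code written for this page, not POS•IM's own software), the snippet below shows what a sale record that keeps the merchant out of SAQ D scope looks like: only a masked PAN, amount and authorization code are kept, the CVV is never persisted, and a Luhn-based scan verifies that no full card number leaked into anything written to disk. The sample card and authorization values are constructed test data.

```python
import re

# Constructed sample: what a POS holds in memory while authorizing a sale.
# The PAN is a well-known test number, not a real card.
SAMPLE_CARD = {"pan": "4111111111111111", "expiry": "12/29", "cvv": "123"}
SAMPLE_AUTH = {"amount_cents": 4599, "auth_code": "A1B2C3"}

# Any run of 13-19 digits is a candidate PAN; Luhn filters out amounts, IDs, etc.
PAN_CANDIDATE = re.compile(r"\d{13,19}")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check used by all major card brands."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep only the last four digits (within the PCI DSS 3.3 masking limit)."""
    return "*" * (len(pan) - 4) + pan[-4:]


def build_no_store_record(card: dict, auth: dict) -> dict:
    """The only fields a 'do not store' configuration should ever persist.

    The full PAN and the CVV are deliberately absent: the CVV may never be
    stored under PCI DSS, and omitting the PAN is what keeps the merchant
    eligible for the shorter SAQ rather than SAQ D.
    """
    return {
        "masked_pan": mask_pan(card["pan"]),
        "amount_cents": auth["amount_cents"],
        "auth_code": auth["auth_code"],
    }


def find_pan_leaks(record: dict) -> list:
    """Return the keys of any stored field containing a Luhn-valid PAN."""
    leaks = []
    for key, value in record.items():
        for candidate in PAN_CANDIDATE.findall(str(value)):
            if luhn_valid(candidate):
                leaks.append(key)
    return leaks
```

Running `find_pan_leaks` over every record before it is written is a cheap self-check that the "do not store" setting is actually being honored by everything else in the application (receipts, logs, notes fields) and not just by the payment module.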


See the PCI Security Standards web site for more information on Self Assessment Questionnaires.