PCI & PA-DSS Compliance: What It Means for Your Business

July 1, 2010. That’s the date when all payment processing applications are required to be PA-DSS validated. Who should care? Well, if you sell point-of-sale (POS) systems with payment processing functions, or if you accept credit, PIN-debit and other electronic card payments, then you should. You can visit the PCI Security Standards Council (PCI SSC) website to learn about the requirements and certification process, but here are a few reasons why it’s important to your business.

First, if your payment processing system is not PA-DSS validated/PCI compliant, you can no longer process card payments. Yes, that’s correct. According to the PCI SSC guidelines, you are prohibited from using payment processing systems that are not PA-DSS certified, and if you continue to use a non-validated payment application, your business could be shut down. Is there a compliance policeman knocking down your door on July 1st? Probably not, but that doesn’t preclude you from being audited.

Second, if your network is breached and cardholder data is stolen, you could be held liable for the occurrence. This could cost you thousands of dollars, not to mention an impact on your brand/business and customer loyalty.

Third, you may find yourself on a waiting list if you delay your compliance audit. This could impact your business. If you’re a Level 4 merchant, you’ll need to complete the PCI SSC’s self-assessment questionnaire and quarterly scans by a Qualified Security Assessor (QSA). If your solution is already PCI compliant, that questionnaire may be considerably shorter. If you’re a POS developer, your payment applications require you to complete a more robust audit process that could cost several thousand dollars, in addition to making software updates/changes that may be necessary to achieve compliance. 

So start planning your compliance strategy today. If you’re a Level 4 merchant, check with your POS provider or VAR to be sure your existing solution is PCI compliant and ask for recommendations for a QSA. If you are a POS developer or VAR, discuss PA-DSS options with your payment processing vendor. You can minimize the costs and headaches associated with PA-DSS compliance if you integrate or use a PA-DSS certified solution. Merchant Warehouse offers a complete suite of PA-DSS validated solutions that minimize the compliance burden. Check the PCI SSC website for a list of PA-DSS certified solutions and certified QSAs.

Payment Processing Solutions for SMBs

Every small- to medium-sized business needs either a basic method of accepting credit, PIN-debit and check payments or a feature-rich, integrated POS system. In these economically uncertain times, before you make that call, be sure your payment processing solution addresses the following SMB concerns: benefits, productivity, revenue, security and innovation.

Benefits - Merchants need to fully understand why your processing solution is better and what they receive by using it. Do they have the most competitive pricing on merchant accounts; is there a special technology that improves their bottom line? 

Productivity - All things being equal, how quickly and easily does a merchant see an increase in productivity or efficiency using your solution? Do your back-office management and reporting tools readily address this issue?

Revenue - Every business has money on its mind. How does your payment solution help develop and grow revenues? If you offer innovative technology or valuable add-on options, be sure your customer understands how it grows the bottom line. Gift and loyalty cards come to mind as an easy way to increase revenue per transaction and grow customer loyalty.

Security - With PCI Compliance requirements just around the corner, does a new payment processing system help minimize the compliance headaches and ensure card data security? How does end-to-end data encryption technology make a difference?   

Innovation - New technology is great if it improves the business’s current situation, but if it adds little value and has a low ROI, it’s a hard sell. Before asking your customer to invest in new technology or upgrade their processing systems, be sure you understand their pain points and how new technology addresses them. Will lowering processing costs make a big difference for a customer, or will accepting payments in real time save money?

All businesses need cost-effective payment processing solutions. When pitching yours, make sure your solution answers these five critical business concerns.

Security Technologies for PCI Compliance

During its review of the current PCI compliance regulations, the PCI Security Standards Council will begin considering new card data security technologies that help merchants protect sensitive cardholder information. Although no revisions to PCI DSS are expected in 2010, Mark Lobel, principal at PricewaterhouseCoopers, suggests there will be a strong push for end-to-end data encryption, tokenization, magnetic-stripe imaging and virtual terminals (payment gateways).

Fortunately, Merchant Warehouse combines all of these features in its MerchantWARE® SECR (Secure Encrypted Card Reader) solution to help its merchants achieve PCI compliance and better protect consumer card data. If MerchantWARE SECR’s features are deemed adequate for securing payment data, wouldn’t it be worth it for every business to use this solution in their store?