Another way of doing business that should be a thing of the past is customers filling out registration forms that include writing down a credit card number. Your POS system probably provides alternatives to this process, such as website registrations. In the event that a merchant is still using pen and paper to accept credit card payments from customers, the forms should be destroyed (i.e. shredded) once the card number has been entered for processing. Storing credit card numbers for recurring billing and payment plans is another challenge of the digital age. PA-DSS v2.0 POS systems provide secure digital storage options for credit card recurring billing (a process known as “tokenization”). Spreadsheets or paper storage of credit card numbers are not PCI-compliant and are vulnerable to a security breach. Did you know it is against the merchant agreement to store the short security code (aka CVV2, CVC2, CID) in any form, and merchants who violate this rule could be subject to a fine?


MEETING THE STANDARD VS. BEATING THE STANDARD


Hopefully you’ve visited the PA-DSS website and confirmed that your POS software is a Validated Payment Application. You might want to try this experiment: go to one of your POS terminals and open up Notepad on the screen. Now swipe your credit card. Do you see your name, your address, your full credit card number? That doesn’t seem very secure, does it?

The fact is, if you want to do everything you can to ensure total credit card security, you need to go beyond the PA-DSS standards. The best technology that is widely available at the current time is called Point-to-Point Encryption, or P2PE for short, and it can be surprisingly easy and cheap to implement. Ask your POS provider if they support P2PE and how you can implement it at your facility. Generally, this involves purchasing a USB card reader for each POS unit. These come directly from your credit card processor; they encrypt the card data as soon as it is swiped, and the data can only be decrypted by the processor themselves. As an added bonus, they can usually be installed as customer-facing readers so that your employees never have to handle customer credit cards (another potential source of fraud).


PREPARING FOR THE FUTURE


EMV cards, also known as “Smart Cards” or “Chip and PIN” (as opposed to “Swipe and Sign”) technology, have long been the standard in Europe. They combine


ISI EDGE SPRING 2015


17

