Another way of doing business that should be a thing of the past is customers filling out registration forms that include writing down a credit card number. Your POS system probably provides alternatives to this process, such as website registrations. In the event that a merchant is still using pen and paper to accept credit card payments from customers, the forms should be destroyed (i.e., shredded) once the card number has been entered for processing.

Storing credit card numbers for recurring billing and payment plans is another challenge of the digital age. PA-DSS v2.0 POS systems provide secure digital storage options for credit card recurring billing (a process known as “tokenization”). Spreadsheets or paper storage of credit card numbers are not PCI-compliant and are vulnerable to a security breach.

Did you know it is against the merchant agreement to store the short security code (aka CVV2, CVC2, CID) in any form, and merchants who violate this rule could be subject to a fine?

MEETING THE STANDARD VS. BEATING THE STANDARD

Hopefully you’ve visited the PA-DSS website and confirmed that your POS software is a Validated Payment Application. You might want to try this experiment: go to one of your POS terminals and open up Notepad on the screen. Now swipe your credit card. Do you see your name, your address, your full credit card number? That doesn’t seem very secure, does it?

The fact is, if you want to do everything you can to ensure total credit card security, you need to go beyond the PA-DSS standards. The best technology that is widely available at the current time is called Point-to-Point Encryption, or P2PE for short, and it can be surprisingly easy and cheap to implement. Ask your POS provider if they support P2PE and how you can implement it at your facility. Generally, this involves purchasing a USB card reader for each POS unit. These come directly from your credit card processor; they encrypt the card data as soon as it is swiped, and the data can only be decrypted by the processor themselves. As an added bonus, they can usually be installed as customer-facing readers so that your employees never have to handle customer credit cards (another potential source of fraud).

PREPARING FOR THE FUTURE

EMV cards, also known as “Smart Cards” or “Chip and PIN” (as opposed to “Swipe and Sign”) technology, have long been the standard in Europe. They combine

ISI EDGE SPRING 2015
