Page 44 - GS170901
Education
Helping merchants with PCI compliance

By Rafael Lourenco
ClearSale

Those of us working in the payments industry know card data security matters to every business that accepts payments. For ecommerce and brick-and-mortar merchants alike, understanding and managing the scope and substance of compliance rules can pull resources away from critical business needs. Thus, many choose to outsource some responsibilities related to ongoing data security.

However, whether or not they rely on security professionals or handle data security in-house, all merchants must have a basic understanding of the Payment Card Industry (PCI) Data Security Standard (DSS). This article provides a refresher to aid in merchant education.

What is PCI DSS?

The PCI Security Standards Council is the worldwide payments industry organization that manages the PCI DSS. Founded by Mastercard, Visa, American Express Co., Discover Financial Services and JCB International Credit Card Co. Ltd., the council sets the rules for card-data security. The standard covers PIN transaction security, payment applications, network security, anti-virus practices, software and operating system updates, internal security, system monitoring and testing, and other items related to keeping card data safe.

All merchants and other organizations that accept, transmit or store card data are required to comply with the PCI DSS, which is revised regularly as security threats evolve. For example, there is a June 2018 deadline for organizations to move from secure sockets layer (SSL) and early transport layer security (TLS) protocols to TLS 1.1 or higher to reduce the risk of data breaches.

Because the threat landscape is always changing, PCI DSS compliance is not a one-time project but an ongoing process. And because any loss of card data raises the fraud risk for all merchants, a merchant that accepts even one card payment must be PCI DSS-compliant to avoid liability in case of a breach.

What must merchants do?

Compliance begins with a PCI self-assessment questionnaire or by hiring a qualified security assessor to find vulnerabilities and develop a plan to fix them. That's just the start, though. In addition to global PCI data, device and network security standards, each card brand crafts its own compliance standards within the PCI DSS framework. That means merchants who accept multiple card brands may have to contend with several similar but not identical compliance rule sets. Obviously, this is a major undertaking.

The scope and complexity of the rules is why many merchants choose to outsource as much of their PCI compliance as possible. Merchants who choose a payment gateway, payment processing service, and fraud-detection service that are PCI DSS compliant have fewer compliance tasks to manage in-house – although they must still meet PCI specifications for network security, employee security, protection for incoming card data and other requirements.