November 16, 2010
If you are a merchant or service provider accepting credit or debit cards for payment, you need to be aware of the current regulations associated with the handling and processing of customer information.
What is PCI?
Since 2005, major credit card brands have required that merchants and service providers of all sizes involved with the collection and processing of credit card transactions be fully compliant with the Payment Card Industry Data Security Standard (PCI DSS). Organizations that are still not compliant are expected to be actively working on achieving compliance. Those that don't make satisfactory progress are subject to penalties that can include substantial fines and the cancellation of processing contracts.
PCI DSS is a collection of standards designed to reduce the possibility for account data compromise and related fraud involving payment cards, like major credit and debit cards. These standards are managed by the PCI Security Council, which in turn is managed by an association of the major credit card brands (Amex, Discover, JCB, Master Card, and Visa). Managing compliance is the job of the member brands and is enforced contractually as well as by your Acquirer (your transaction processor).
Organizations are categorized by the type of payment processing they perform, the volume of transactions or accounts processed, and the payment channels used. Merchants that take payments as well as service providers that process credit card information are grouped in levels based on these secondary factors.
Note that PCI standards extend to payment applications and payment terminals. Organizations looking to implement new payment applications or payment terminals should be aware of the Payment Application Data Security Standard (PA-DSS), which applies to third-party payment applications, as well as of the PIN Transaction Security (PTS) hardware standards for PIN Entry Devices (PEDs). (Merchants and Service Providers should leverage the list of compliant applications and hardware as a purchasing/leasing tool. See reference links [2] and [3] below.)
What's New in PCI?
PCI regulations have evolved and continue to be updated. In the meantime, deadlines for achieving compliance are looming. Here's what to look for in the next 12 - 18 months:
Currently:
How can Primus Managed Hosting help?
Primus is a Certified Level 1 PCI service provider for its 7 Canadian Internet Data Centre facilities.
Using a certified hosting provider avoids complex and time-consuming effort at the start of the project. If your hosting provider isn't certified, then under the standard, the onus lies with your organization either to audit the premises according to the standard or to employ an organization to do this on your behalf.
Your responsibility for the non-infrastructure aspects of compliance, such as implementing a corporate security policy and ensuring that your employees are trained in proper cardholder data handling, is much easier to meet when the technical infrastructure aspects are already being addressed on your behalf by the Primus team.
Working with each customer, Primus can ensure a safe, compliant and successful hosting experience. Knowing and understanding what PCI compliance is and who is responsible for which parts will lead to even more success for all involved in the process.
It also means that the people, money and time that you'd rather dedicate to your customers will not be spent creating, implementing and managing the tools and technologies that you need to stay compliant.