- Payment Card Industry (PCI) and the Payment Application Data Security Standard (PA-DSS)
- Your Responsibility for Compliance
- PCI Implementation Guides
- Europay MasterCard Visa (EMV) Standard - What You Need to Know
ARE YOU AT RISK? If you process Credit Card data, you have contractual security responsibilities of which you may be unaware.
PCI Assistance and Consultation: Our Support Plan customers can receive assistance on these ever-changing security requirements. We monitor regulations, can deliver software version updates with Software Update Licensing, and can provide update installation services when necessary. However, having a software version on the PA-DSS validated list satisfies only 1 of 12 minimum requirements. We can provide guidance on meeting the many other responsibilities, which are all part of a Merchant's contractual obligation with the Credit Card Issuers.
To assess Merchant compliance with PA-DSS, the PCI Security Standards Council certifies organizations that assess and validate adherence to PCI Security Standards. If you seek this type of assessment, contact a Qualified Security Assessor (QSA). We can provide assistance to your QSA as well.
The Payment Application Data Security Standard (PA-DSS) Is Not Going Away: PCI-SSC changed the Renewal Policy for PA-DSS in Version 2.0, making all v2.0 Validations good until 10/28/2016 (with annual renewals not required for the POS Vendor) if the Operating System is supported. Merchants processing Credit Cards should take the PA-DSS seriously, not only to maintain contractual agreements with Credit Card Issuers but also, most importantly, to help avoid security issues.
VISA BULLETIN: Effective March 31, 2016, acquirers must communicate to all Level 4 merchants that, beginning January 31, 2017, those merchants must use only Payment Card Industry (PCI)-certified Qualified Integrators and Resellers (QIR) professionals for POS application installation and integration, and acquirers must ensure that those merchants engage only PCI QIR professionals. DCRS is PCI QIR Certified. Also effective January 31, 2017, acquirers must ensure Level 4 merchants annually validate PCI DSS compliance or participate in the Technology Innovation Program (TIP).
MERCHANTS that use a Payment Application ARE RESPONSIBLE for maintaining the PCI DSS-compliant status of both their environment and their Payment Application configuration. To assist you in this responsibility, Payment Application Software Vendors produce documents for Merchants to provide guidance and instructions on how to properly implement their Payment Application in a secure manner. These documents describe the steps that YOU, AS A MERCHANT, SHOULD FOLLOW in order for you to comply with the PCI PA-DSS, since Merchant employees often undertake activities that affect compliance.
PCI Implementation Guides will assist you to:
- Implement the Payment Application software into a merchant environment in a PCI DSS compliant manner
- Configure such Payment Applications according to the Payment Application's PA-DSS Implementation Guide provided by the Vendor
- Service such Payment Applications (for example, troubleshooting, delivering remote updates, and providing remote support) according to the PA-DSS Implementation Guide and PCI DSS.
Payment Gateways that are not Payment Applications do not fall under PCI PA-DSS (see BridgePay Gateway, used with MobileBytes Services).
PCI Implementation Guides are typically distributed to our Customers during our Planning Meetings with you, or prior to Final Installation, and are also available below.
Browse Our Document Library
What you need to know about the Europay MasterCard Visa (EMV) Standard: The acceptance of EMV in Restaurants and Retail stores takes far more than having a POS system that can read a chip-based card. The Payment Gateway, the Payment Processor, and the Card-issuing Bank must all be able to accommodate the EMV Standard. We encourage any Restaurant or Retail store to become educated on EMV, and compute and consider their potential liability against the investment costs and operational changes that are required to satisfy EMV acceptance, before making any decision.