This is the third of three related posts that cover what you need to know about compliance if you accept credit or debit payment cards. If you have not read our first or second posts, please click either of these links: Part 1 and Part 2.
Contacting the Payment Card Brands
Businesses must contact each of the payment card brands (American Express, JCB, the international payment brand from Japan, Mastercard, Discover, and Visa) and confirm PCI compliance with each of them individually. This demonstrates both your protection of cardholder data and your commitment to the card brands. There are also many terms to know when it comes to PCI compliance.
Term Definitions for PCI Compliance
Every technology has a few new terms. We want to keep things clear and simple for you. Here are some concise definitions related to the jargon of compliance.
1. Point to Point Encryption (P2PE)
a. This is the transforming of card data into an encrypted secret code. The customer card data is encrypted at the point of a card swipe. The data stays encrypted until it reaches the solution provider’s secure decryption environment.
b. The P2PE Standard must be met by vendors to ensure that their procedures meet the necessary requirements for the protection of payment card data. Only PCI Security Standard Council-listed solutions (software tools) are recognized as meeting the requirements necessary for merchants.
2. Tokenization
Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.
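To make the definition concrete, here is a small tokenization example added to this post; it is not code from any card brand, processor or PCI-listed product. It assumes a hypothetical in-memory token vault (a real vault would be an access-controlled, encrypted store inside the cardholder data environment) and a constructed test card number. The token keeps only the essential information a merchant needs (length and last four digits, so receipts and customer lookups still work), the rest of the digits are random, and the token is deliberately made to fail the Luhn check so it can never be mistaken for a real card number.

```python
import secrets

DIGITS = "0123456789"


def luhn_valid(number: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check used by payment card numbers."""
    total = 0
    for position, char in enumerate(reversed(number)):
        digit = int(char)
        if position % 2 == 1:          # double every second digit from the right
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0


class TokenVault:
    """Hypothetical in-memory token vault, constructed for this example only.

    Only the vault holds the mapping token -> PAN; every other system in the
    merchant environment sees nothing but tokens.
    """

    def __init__(self) -> None:
        self._token_to_pan: dict[str, str] = {}
        self._pan_to_token: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        """Replace a primary account number (PAN) with a token that preserves length and last four digits."""
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a syntactically valid PAN")
        # The same card always maps to the same token (needed for repeat customers, refunds).
        if pan in self._pan_to_token:
            return self._pan_to_token[pan]
        while True:
            random_body = "".join(secrets.choice(DIGITS) for _ in range(len(pan) - 4))
            token = random_body + pan[-4:]
            # Reject candidates that collide, equal the PAN, or could pass as a real card number.
            if token != pan and token not in self._token_to_pan and not luhn_valid(token):
                break
        self._token_to_pan[token] = pan
        self._pan_to_token[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        """Recover the PAN; only the payment-processing path should ever be allowed to call this."""
        return self._token_to_pan[token]


def masked(token_or_pan: str) -> str:
    """Display form for receipts: only the last four digits are shown."""
    return "*" * (len(token_or_pan) - 4) + token_or_pan[-4:]


if __name__ == "__main__":
    # Constructed, widely used test card number (not a live account).
    vault = TokenVault()
    test_pan = "4111111111111111"
    token = vault.tokenize(test_pan)
    print("token:", token, "receipt:", masked(token))
    print("round trip ok:", vault.detokenize(token) == test_pan)
```

The design choice worth noting is that the token carries no mathematical relationship to the PAN: unlike encryption, there is no key to steal, so a database of tokens is worthless to an attacker without the vault itself. That is why tokenization shrinks the part of a merchant's environment that falls under PCI DSS scope.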
3. Card Skimming
The first type of skimming is the capture of payment data directly from a customer payment card. A merchant employee, with criminal intent, can handle the card and in an instant – undetected – swipe it with a small, portable card reader.
The second type of skimming involves the placement of an internal recording device into a card transaction terminal. Later the device is recovered and the card data can be downloaded. This can take place after hours within a business establishment.
4. Upgrading to Chip and PIN
Chip technology replaces the magnetic stripe on a payment card with an embedded computer chip. Chip-and-PIN is the most secure type of credit card technology. Instead of a signature being used for identity verification (anybody can scribble a name), Chip-and-PIN requires you to enter a four-digit Personal Identification Number (PIN) that must correspond to specially coded information held in the chip (rather than on a magnetic stripe) embedded within the card. The chip makes card data exponentially harder for criminals to access. Even if they manage to steal a card, they won’t be able to rack up charges with it, because they’d also need to know the PIN.
There is More to Being Secure
We realize that there are more details involved with your business becoming a Participating Organization within the Payment Card Industry protection program. Those details are simply beyond the scope of three brief blog posts. There is more to becoming compliant under the PCI Security Standards Council.
We genuinely believe that becoming both PCI active and in compliance is an investment that offers business security and also advantages that will have a significant return on investment for your company’s bottom line. At Garner IT Consulting, we can help. Feel free to call us at 850.250.3210 or drop by our offices at 1330 Harrison Avenue, Panama City, Bay County, Florida. We’ll give you a warm welcome and we’ll listen carefully.
Best wishes, Randall and Julie Garner and the entire Garner IT team of professionals