What is PCI-DSS Compliance?


In our last post, we wrote about EMV-enabled card readers and why they are an important step for keeping your financial information secure. However, EMV card readers aren’t the only thing necessary for keeping your information safe. Read on to learn about PCI-DSS compliance and why it is an integral part of secure payment processing.

PCI-DSS Compliance Explained

The Payment Card Industry Data Security Standard (PCI-DSS) is a set of requirements designed to ensure that companies that process, store or transmit credit card information maintain a secure environment. The standard is set by the Security Standards Council, which is a global council founded by American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc.

The standard applies to all merchants accepting credit cards and is designed to protect consumers’ personal and financial information. Of course, the requirements also protect the credit card companies, since they are the ones that often eat the costs of fraudulent charges. However, the end effect is stronger protection for consumers, merchants, and banks.

There are four different levels of PCI-DSS compliance. The greater the number of credit and debit card transactions an organization conducts, the higher the level of compliance it has to achieve. Organizations that conduct over six million credit or debit card transactions in a year have to be Level 1 PCI compliant, while companies that conduct fewer than 20,000 only need Level 4 PCI compliance. The Security Standards Council sets a higher standard for organizations that conduct large numbers of transactions. To be Level 1 PCI compliant, an organization has to have a yearly onsite review by an international auditor and a network scan by an approved vendor. PCI has a list of approved vendors on their website.

If an organization fails to meet the requirements for its level of compliance, the council reserves the right to hold it to a higher standard. So, even if your organization conducts fewer than 20,000 transactions, it may still have to abide by the PCI Level 1 requirements.

Click here to see the full list of PCI-DSS compliance requirements.

EMV Card Readers and PCI-DSS Compliance for Maximum Security

As we wrote earlier, EMV card readers aren’t all you need to keep your financial information secure. This is because the EMV readers’ primary function is authentication, not data protection. EMV cards only help protect in-person (card-present) transactions in which an EMV card reader is used.

But when EMV readers are coupled with PCI-DSS compliant post-sale safeguards, you can be pretty sure your information is safe. If your organization wants to process credit and debit card transactions at the point-of-sale, you should seriously consider working only with companies that provide PCI Level 1 compliant payment processing services.


What is EMV and Why Does it Matter?


You’ve undoubtedly seen them every time you stop at your local convenience store, or a version of them when you’ve checked out at the grocery store. You may have even seen a version at a local restaurant, eliminating the need for you to hand your card over to your server, who disappears with it for several minutes. Most merchants, large and small, now utilize some version of the EMV-enabled Point-of-Sale (POS) card reader. But what is EMV? And why does it matter?

You might assume that the sole purpose of these readers is to simplify the process of collecting payment by credit or debit card, benefitting the merchant. But these readers are also designed to create a much more secure process of collecting payments, which benefits individual consumers as well.

What is EMV?

EMV stands for “Europay, MasterCard, Visa.” It is the “chip” or “contactless card” technology that has recently been added to most Visa and MasterCard credit and debit cards. The purpose of the chips is to give the consumer more control of their card – keeping it out of the hands of would-be fraudulent users.

When you insert or “touch” your card at one of these EMV-enabled POS readers, you retain control of your credit or debit card information. You aren’t handing your card over to another person or company. Previously, your credit or debit card information was stored by the collector of your payment – and therefore, subject to potentially fraudulent activity on an individual basis. Now, through the use of these readers, your personal information stays in your own control.

EMV reader technology adds additional layers of protection for your personal financial information. In recent years, major retailers have experienced high-profile data breaches, exposing the credit and debit card numbers of millions of consumers to potential theft and fraud. In the well-known cases of Home Depot and Target, the transactions containing consumer credit and debit card numbers were stored in their databases. When those databases were hacked, the hackers had access to literally millions of card numbers. EMV readers eliminate this risk through encryption and something called “tokenization.”

Encryption

Point-to-Point Encryption (P2PE) is used to protect the cardholder data at the start of a transaction. All track data, including the account number and expiration date, is encrypted so that it cannot be recovered without the corresponding decryption keys. Using P2PE, card data is encrypted at the time of reading (swipe, insert or manual entry) and stays encrypted until received and decrypted by the payment processor.

Tokenization

When card information needs to be retained for future transactions, tokens are used instead of cardholder data. Since each transaction is unique, encrypted card data stored from a previous transaction is unusable. So, when a transaction is performed, the bank or payment processor may return a token, which can be stored and used at a later date for subsequent transactions. Most importantly, the token cannot be reversed to retrieve any cardholder data.

While EMV-enabled card readers haven’t removed all risk of credit and debit card fraud, they are much safer than the traditional magnetic stripe method. No longer is sensitive buyer information left in the seller’s database for any employee or hacker to obtain.
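The tokenization flow described above, as an added example that is not part of the original post: a hypothetical processor vault issues a random token on the first transaction, and a hypothetical merchant stores only that token and the last four digits. The names `ProcessorVault`, `Merchant` and `run_demo` are assumptions made for illustration, and the card number is a constructed test value.

```python
import secrets

def luhn_ok(pan: str) -> bool:
    if not pan.isdigit():
        return False
    digits = [int(d) for d in reversed(pan)]
    total = sum(digits[0::2]) + sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return total % 10 == 0

class ProcessorVault:
    """Hypothetical payment processor: the only party that keeps the card number."""
    def __init__(self):
        self._pan_by_token = {}  # held at the processor, never at the merchant

    def authorize(self, pan: str, amount_cents: int) -> dict:
        if not luhn_ok(pan):
            raise ValueError("invalid card number")
        # The token is random, not derived from the PAN, so it cannot be reversed.
        token = "tok_" + secrets.token_urlsafe(16)
        self._pan_by_token[token] = pan
        return {"approved": True, "token": token, "last4": pan[-4:]}

    def charge_token(self, token: str, amount_cents: int) -> bool:
        return token in self._pan_by_token  # only tokens this vault issued map to a card

class Merchant:
    """Hypothetical merchant: stores the token and last four digits only."""
    def __init__(self, processor: ProcessorVault):
        self.processor = processor
        self.customers = {}  # what a breach of the merchant database would expose

    def first_purchase(self, customer_id: str, pan: str, amount_cents: int) -> bool:
        result = self.processor.authorize(pan, amount_cents)
        self.customers[customer_id] = {"token": result["token"], "last4": result["last4"]}
        return result["approved"]  # the PAN goes out of scope here; it is never stored

    def repeat_purchase(self, customer_id: str, amount_cents: int) -> bool:
        return self.processor.charge_token(self.customers[customer_id]["token"], amount_cents)

def run_demo() -> dict:
    test_pan = "4111111111111111"  # constructed test number, not a real card
    merchant = Merchant(ProcessorVault())
    merchant.first_purchase("cust-1", test_pan, 2500)
    stolen_token = merchant.customers["cust-1"]["token"]
    return {
        "repeat_purchase_ok": merchant.repeat_purchase("cust-1", 1200),
        "pan_in_merchant_db": test_pan in repr(merchant.customers),
        "token_works_at_other_processor": ProcessorVault().charge_token(stolen_token, 1),
    }
```

Calling `run_demo()` shows that the repeat purchase succeeds with the token alone, that the merchant's records never contain the full card number, and that the same token presented to a different vault is rejected.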
