Securing Payment Data

Recent data breaches at Equifax, Kmart, and Verizon, among others, have captured global headlines, putting data security concerns at the forefront of people’s minds. These massive breaches spotlight the need for greater security across all business sectors, private and public. The digital information age provides consumers with many conveniences, especially when it comes to electronic payment processing. But regardless of whether individuals are paying in person or online, securing payment data is of the utmost importance.

What are some of the baseline security measures for payments?

Flexible payment options benefit courts, governments, and the public alike, enabling quick and timely fee and fine payment processing through multiple convenient methods. However, most people feel more comfortable taking advantage of online and in-person payments when they know that security measures are in place to protect sensitive payment data.

So what measures are necessary and what are the benefits of choosing secure payment methods? A payment processing solution that keeps security top of mind helps to ensure compliance with necessary regulations, gives confidence and peace of mind for users, and prevents costly and damaging data breaches. To understand these benefits, courts and government agencies should become familiar with some of the common security measures for payment processing solutions — used in both private and public sectors. Below are common security measures that include Payment Card Industry (PCI) compliance, encryption, tokenization, point-to-point encryption (P2PE), and EMV (Europay, MasterCard®, Visa®) technology:

  • PCI compliance — Payment card companies maintain and enforce the security standards that determine PCI compliance for any company that stores, transmits, or processes cardholder data. These standards are in place to ensure consumer information remains secure. There are four levels of compliance, and as our previous blog “What is PCI-DSS Compliance?” mentions, the greater the number of credit and debit card transactions an organization conducts, the higher level of compliance they have to achieve. The highest level is Level 1 PCI compliant, which enforces the strictest standards and includes a yearly onsite review by an international auditor and a network scan by an approved vendor.
  • Encryption — A secure payment solution will employ encryption for better protection of payment data. This technology obscures all payment data, so it is unreadable to any person or device without the associated decryption keys.
  • Tokenization — As explained on our website, when card information needs to be retained for future transactions, tokens are used instead of cardholder data. Since each transaction is unique, encrypted card data stored from a previous transaction is unusable. So, when a transaction is performed, the bank or payment processor may return a token, which can be stored and used at a later date for subsequent transactions. Tokenization technology is also available with EMV card reader devices. Most importantly, the token cannot be reversed to retrieve any cardholder data.
  • P2PE — Point-to-point encryption (P2PE) is a standard established by the PCI Security Standards Council. Certified P2PE devices use algorithmic calculations to encrypt the sensitive cardholder data at the point of interaction (POI), and the encrypted, indecipherable codes are sent only to the payment processor for decryption. Also, to maximize the security of the payment data, the management of encryption keys is completely invisible and never made available to businesses accepting payments.
  • EMV — EMV created a global standard to ensure that point-of-sale (POS) terminals were compatible with chip-based payment cards. By utilizing a layered approach that includes both encryption and tokenization, EMV delivers solid protection for cardholder data using the dual technology. More businesses are implementing EMV-enabled terminals for acceptance of chip-based credit and debit card transactions because of its security protection at consumer- and business-level exchanges. The chip cards create a new and unique code for each transaction at the POS, which is used for that specific transaction only. If a hacker breaches the POS and steals the data, it will be rendered useless. EMV will continue to play a significant role in decreasing the amount of card-present fraud in the U.S.

Keep data security a priority

Providing businesses with flexible payment options comes with the responsibilities and challenges of securing their payment data. This undertaking can be overwhelming and complex. To ensure your processing environment is as secure as possible, seek out payment services providers who keep security top of mind, and have the reputation, experience, and knowledge to implement secure and compliant-driven processes.

Offering peace of mind to courts and government agencies, nCourt maintains PCI-DSS Level 1 certification as well as other security compliances and best practices. To learn more, visit us online or contact us today.


Why PCI Compliance Is Still Important

PCI compliance can seem like one more burden on payment processors, but maintaining compliance offers security-related benefits to courts and government agencies.

PCI Compliance 101

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards developed by an independent body to ensure that any company that accepts, processes, stores, or transmits credit card information does so in a secure manner. Developed in 2006, the PCI standard is designed to make sure all credit card processors are held to a security baseline.

Understanding the PCI Levels

The PCI defines levels of compliance to determine an organization’s risk and appropriate security requirements based on their combined transaction volume over a 12-month period—including credit, debit, and prepaid cards. The four levels of compliance are:

PCI Compliance Level 1
More than 6 million Visa and/or Mastercard transactions processed per year

Validation Requirements:

  • Annual Report on Compliance (“ROC”) by Qualified Security Assessor (“QSA”) – also commonly known as a Level 1 onsite assessment – or internal auditor if signed by officer of the company
  • Quarterly network scan by Approved Scan Vendor (ASV)
  • Attestation of Compliance Form

PCI Compliance Level 2
1 million to 6 million Visa and/or Mastercard transactions processed per year

Validation Requirements:

  • Annual Self-Assessment Questionnaire (“SAQ”)
  • Quarterly network scan by ASV
  • Attestation of Compliance Form

PCI Compliance Level 3
20,000 to 1 million Visa and/or Mastercard e-commerce transactions processed per year

Validation Requirements:

  • Annual Self-Assessment Questionnaire (“SAQ”)
  • Quarterly network scan by ASV
  • Attestation of Compliance Form

PCI Compliance Level 4
Fewer than 20,000 Visa and/or Mastercard e-commerce transactions processed per year as well as all other companies that process as many as 1 million Visa transactions per year

Validation Requirements:

  • Annual Self-Assessment Questionnaire (“SAQ”)
  • Quarterly network scan by ASV
  • Attestation of Compliance Form

Note: Ultimately, compliance validation requirements are set by the acquirer.

An organization’s level of compliance is determined by card brands based on processing volume. Thus, a service provider might start at level 4 and over time become a level 1 provider as a result of an increase in the number of transactions processed; maintaining compliance with PCI DSS is crucial.

The Security Benefits of PCI Compliance

In addition to being good security practice, PCI compliance can help courts and government agencies ensure they are maintaining a secure environment. The PCI standard facilitates continual identification of developing and ongoing threats and vulnerabilities, helping your organization stay safe from data breaches.

Consider, for example, the Home Depot data breach where hackers used malware-infected software to steal millions of customer credit and debit card numbers. Proper implementation of PCI standards, which require routine vulnerability scans among additional security processes, would have saved the company the $19.5 million in settlement costs as well as the brand damage done. Additional PCI protocols that help protect from malware and other attacks include requirements for:

  • Proper implementation of role-based security as well as user authentication
  • Secured connections for sensitive data transmissions
  • Detailed logging for audit reporting
  • Employment of strong encryption

Do you know the PCI compliance level of your service provider?

Compliance requirements can be overwhelming, but by partnering with the right payment services provider, government agencies can rest assured their payment transaction processes are compliant and secure. In addition, seeking out a payment services provider who qualifies as a “PCI Compliance Level 1” means you do not have to worry about finding and vetting another payment services partner should your annual transaction volume increase over time. You’re covered, secure, and compliant.

Why Every Court Needs EMV Card Readers

Citizens have been known to pay court fines with stolen credit cards. Don’t believe it? The Michigan Department of Corrections recently charged a 25-year-old man with fraud after he attempted to pay his probation restitution with a stolen card. The incident serves as a reminder that courts and government agencies are not exempt from credit card fraud. The good news is that fraud has been declining due to EMV (Europay, Mastercard®, and Visa®) chip cards and point-of-sale (POS) card readers. EMV-enabled payment devices offer the courts a viable solution to help prevent credit card fraud within card-present environments.

What Is EMV?

The EMV standard has been available internationally for some time and was adopted in the United States in 2015. This global standard employs microchip technology for authentication embedded on the card, rather than traditional swipe cards with magnetic strip authentication.

What Are the Benefits of EMV?

When hackers are able to steal magnetic strip data, it can be used over and over for fraudulent purposes. In contrast, EMV makes use of point-to-point encryption (P2PE). The chips on EMV cards create a new and unique code for each transaction at the POS, which is used for that specific transaction only. If a hacker breaches the POS and steals the data, it will be useless. As research director Julie Conroy of financial industry research company Aite Group explains, “These new and improved cards are being deployed to improve payment security, making it more difficult for fraudsters to successfully counterfeit cards. It’s an important step forward.”
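
A simplified model of the per-transaction code described above, added here as an illustration; it is not nCourt's code and not the EMV specification's algorithm. HMAC-SHA256, the `ChipCard` and `Issuer` classes and the message layout are assumptions standing in for the card's real scheme. It shows why a transaction record copied from a breached POS is declined when it is replayed or altered.

```python
import hashlib
import hmac
import secrets


def _mac(key: bytes, amount_cents: int, nonce: bytes, counter: int) -> bytes:
    # Assumed message layout: binds the code to amount, terminal nonce and counter.
    msg = f"{amount_cents}|{nonce.hex()}|{counter}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class ChipCard:
    """Hypothetical chip: holds a secret key that never leaves the card."""

    def __init__(self, key: bytes):
        self._key = key
        self._counter = 0  # incremented for every transaction

    def pay(self, amount_cents: int, terminal_nonce: bytes) -> dict:
        self._counter += 1
        return {
            "amount_cents": amount_cents,
            "nonce": terminal_nonce,
            "counter": self._counter,
            "code": _mac(self._key, amount_cents, terminal_nonce, self._counter),
        }


class Issuer:
    """Hypothetical issuer: shares the card key and remembers the last counter."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = 0

    def verify(self, tx: dict) -> str:
        expected = _mac(self._key, tx["amount_cents"], tx["nonce"], tx["counter"])
        if not hmac.compare_digest(expected, tx["code"]):
            return "declined: code does not match transaction"
        if tx["counter"] <= self._last_counter:
            return "declined: code already used"
        self._last_counter = tx["counter"]
        return "approved"


def run_demo() -> list:
    key = secrets.token_bytes(32)  # constructed sample key
    card, issuer = ChipCard(key), Issuer(key)

    first = card.pay(12500, secrets.token_bytes(4))  # a $125.00 court fine
    results = [issuer.verify(first)]                 # genuine payment
    results.append(issuer.verify(dict(first)))       # same record presented again
    altered = dict(first, amount_cents=1)            # record edited after capture
    results.append(issuer.verify(altered))
    second = card.pay(4000, secrets.token_bytes(4))  # card used again normally
    results.append(issuer.verify(second))
    return results


if __name__ == "__main__":
    for outcome in run_demo():
        print(outcome)
```

Static magnetic strip data has no counterpart to the counter or the keyed code, which is why a copy of it keeps working.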

How Do EMV Card Readers Help Courts?

The widespread adoption of EMV cards in the United States means that more people will become familiar with and look for EMV card readers when making payments. According to Visa’s December 2016 chip card update, last year saw a 92% increase in Visa chip cards compared with the previous year. Courts that offer EMV card readers provide a secure and simple on-premises payment method that enables citizens to pay quickly and conveniently. And EMV card readers provide security for both the payer and payee—Visa reports a 52% decrease in counterfeit fraud at chip-enabled merchants in September 2016 alone (compared with September 2015).

Securely Collect Court Fines On-Premises

At nCourt, we are continually working to make payment processing easier and more secure for you and the paying citizens you serve. This evolution includes offering Payment Card Industry (PCI)-compliant EMV devices that use point-to-point encryption to enable quick and secure countertop payment on-premises.

Please contact nCourt for an initial consultation and evaluation of your current payment process. We’re here to help!

What is PCI-DSS Compliance?

In our last post, we wrote about EMV-enabled card readers and why they are an important step for keeping your financial information secure. However, EMV card readers aren’t the only thing necessary for keeping your information safe. Read on to learn about PCI-DSS compliance and why it is an integral part of secure payment processing.

PCI-DSS Compliance Explained

The Payment Card Industry Data Security Standard (PCI-DSS) is a set of requirements designed to ensure that companies that process, store or transmit credit card information maintain a secure environment. The standard is decided by the Security Standards Council, which is a global council founded by American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc.

The standard applies to all merchants accepting credit cards and is designed to protect consumers’ personal and financial information. Of course, the requirements also protect the credit card companies, since they are the ones that often eat the costs of fraudulent charges. However, the end effect is stronger protection for consumers, merchants, and banks.

There are four different levels of PCI-DSS compliance. The greater the number of credit and debit card transactions an organization conducts, the higher level of compliance they have to achieve. Organizations that conduct over six million credit or debit card transactions in a year have to be Level 1 PCI compliant, while companies that conduct fewer than 20,000 only need Level 4 PCI compliance. The Security Standards Council sets a higher standard for organizations that conduct large numbers of transactions. To be Level 1 PCI compliant, an organization has to have a yearly onsite review by an international auditor and a network scan by an approved vendor. PCI has a list of approved vendors on their website.

If an organization fails to meet the requirements for its level of compliance, the council reserves the right to hold it to a higher standard. So, even if your organization conducts fewer than 20,000 transactions, it may still have to abide by the PCI Level 1 requirements.

EMV Card Readers and PCI-DSS Compliance for Maximum Security

As we wrote earlier, EMV card readers aren’t all you need to keep your financial information secure. This is because the EMV readers’ primary function is authentication, not data protection. Cards only help protect in-person (card present) transactions in which an EMV card reader is used.

But when EMV readers are coupled with PCI-DSS compliant post-sale safeguards, you can be pretty sure your information is safe. If your organization wants to process credit and debit card transactions at the point-of-sale, you should seriously consider working only with companies that provide PCI Level 1 compliant payment processing services.

What is EMV and Why Does it Matter?

You’ve undoubtedly seen them every time you stop at your local convenience store, or a version of them when you’ve checked out at the grocery store. You may have even seen a version at a local restaurant, alleviating the need for you to hand your card over to your server who disappears with it for several minutes. Most merchants, large and small, now utilize some version of the EMV-enabled Point-of-Sale (POS) card reader. But what is EMV? And why does it matter?

You might assume that the sole purpose of these readers is to simplify the process of collecting payment by credit or debit card, benefitting the merchant, but these readers are also designed to create a much more secure process of collecting payments, which benefits individual consumers as well.

What is EMV?

EMV stands for “Europay, MasterCard, Visa.” It is the “chip” or “contactless card” technology that has recently been added to most Visa and MasterCard credit and debit cards. The purpose of the chips is to give the consumer more control of their card – keeping it out of the hands of would-be fraudulent users.

When you insert or “touch” your card at one of these EMV-enabled POS readers, you retain control of your credit or debit card information. You aren’t handing your card over to another person or company. Previously, your credit or debit card information was stored by the collector of your payment – and therefore, subject to potentially fraudulent activity on an individual basis. Now, through the use of these readers, your personal information stays in your own control.

EMV reader technology adds additional layers of protection for your personal financial information. In recent years, major retailers have experienced high-profile data breaches, exposing the credit and debit card numbers of millions of consumers to potential theft and fraud. In the well-known cases of Home Depot and Target, the transactions containing consumer credit and debit card numbers were stored in their databases. When those databases were hacked, the hackers had access to literally millions of card numbers. EMV readers eliminate this risk through encryption and something called “tokenization.”

Encryption

Point-to-Point Encryption (P2PE) is used to protect the cardholder data at the start of a transaction. All tracked data, including account number and expiration date, is obscured so that the data cannot be decrypted without the corresponding decryption keys. Using P2PE, card data is encrypted at the time of reading (swipe, insert or manual entry) and stays encrypted until received and decrypted by the payment processor.

Tokenization

When card information needs to be retained for future transactions, tokens are used instead of cardholder data. Since each transaction is unique, encrypted card data stored from a previous transaction is unusable. So, when a transaction is performed, the bank or payment processor may return a token, which can be stored and used at a later date for subsequent transactions. Most importantly, the token cannot be reversed to retrieve any cardholder data.

While EMV-enabled card readers haven’t removed all risk of credit and debit card fraud, they are much safer than the traditional magnetic strip method. No longer is sensitive buyer information left in the seller’s database for any employee or hacker to obtain.