IMPORTANT ADVISORY
VISA PAYMENT APPLICATION SECURITY MANDATES DEADLINE: July 1, 2010

The Visa mandate requiring merchants to use PA-DSS compliant payment applications is upon you now!

What does this mean?

Visa is requiring that all POS systems that process credit cards run a PA-DSS validated version of their payment software by July 1, 2010. For most merchants, this will mean upgrading your software to a version that meets the standard. Note that PA-DSS applies to payment applications that are sold, distributed or licensed to third parties; software a merchant develops in-house is instead assessed as part of the merchant's own PCI DSS compliance.
Source: Visa, www.visa.com/cisp

What is PA-DSS?

The goal of the Payment Application Data Security Standard (PA-DSS) is to help software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, CVV2 or PIN data, and that support their customers' compliance with the PCI DSS. Please visit the PCI website at http://www.pcisecuritystandards.org/ or contact your payment processor or bank for more information.
Source: PCI Security Standards Council, http://www.pcisecuritystandards.org/

What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of comprehensive requirements for enhancing payment account data security. It was developed by the founding payment brands of the PCI Security Standards Council (American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.) to facilitate the broad adoption of consistent data security measures on a global basis. Please visit the PCI website at http://www.pcisecuritystandards.org/ or contact your payment processor or bank for more information.
Source: PCI Security Standards Council, http://www.pcisecuritystandards.org/

Why should this be important to you?

It is your responsibility as a merchant to ensure you are meeting PCI DSS compliance requirements. Failure to comply means you would be subject to fines by the card brands should you experience a security breach.
When a merchant is identified as the common point of purchase for cards that have been compromised, the card brands hold the merchant liable and initiate a forensic investigation. The typical cost of this investigation to a small merchant is $10,000. If the merchant is found not to have been in compliance with PCI DSS, the card brands can also assess fines; the average for small merchants is $25,000, depending on the number of cards affected. Merchants that have made notable efforts toward PCI compliance may receive lighter fines.
Source: Mercury Payment Systems, http://go.mercurypay.com/pcipartner/whycare.htm

Using a PA-DSS compliant payment application meets Visa's payment application security mandates. Additionally, PA-DSS compliant applications help merchants and agents mitigate compromises, prevent storage of sensitive cardholder data, and support overall compliance with the PCI DSS. Keep in mind that the validation covers the application, not your environment: the application must still be installed and configured according to the vendor's PA-DSS Implementation Guide, and running a validated application does not by itself make you PCI DSS compliant.
Source: Visa, www.visa.com/cisp

Midlands Business Equipment can assist!

Contact Midlands to verify the version of software you are currently using. The following versions are validated on the new standard:

  Squirrel     Version 1.55 (PA-DSS v1.2); Version 6 (PA-DSS v1.2)
  Maitre'D     Version 7.05 (PA-DSS v1.2); Version 8 (PA-DSS v1.2)
               Version 2.60 (PABP v1.4)
               Version 5.7.1 (PABP v1.4)
  Symfinite    Version 2.0, Build 38 (PA-DSS v1.2)

For a list of PCI PA-DSS validated POS versions, go to this link.
For a list of Visa PABP validated POS versions (PABP was the predecessor to PA-DSS), go to this link.

Other Useful Resources available on the Web:

-Visa U.S. Payment Application Security Mandates Frequently Asked Questions (under "Top Downloads" on the right side of the web page): http://usa.visa.com/merchants/risk_management/cisp_payment_applications.html
-Payment Card Industry Security Standards Council (PCI SSC)
-Payment Card Industry Data Security Standard (PCI DSS)
-PCI Data Security Standards Supporting Documents
-Self Assessment Questionnaire
-Our friends at Mercury Payment Systems: PCI Resources page (several helpful videos)

The Digital Dozen

The core of the PCI DSS is a group of six principles and twelve accompanying requirements, around which the specific elements of the DSS are organized: