What are the challenges in your industry
PCI (Payment Council Industry) compliance is a standard set forth by Visa and MasterCard on how merchants store and process credit/debit card transactions.
This is a universal, mandatory standard in the card payments industry and must be completed by all merchants on an annual basis.
The intention of PCI compliance is to reduce fraud by setting standards in protecting cardholder information. At the minimum this requires merchants to answer a questionnaire on how they are storing and processing cardholder information. These questions can be very technical in nature, and depending on how a merchant processes credit card transactions (IE – terminal, POS system, eCommerce, software), the number of questions and how technical these questions are may vary per merchant and industry.
In addition, if a merchant processes over IP (Internet Protocol), the merchant must also provide the IP address of their server and must pass a quarterly scan. A merchant can use a number of resources to help them become PCI compliant. A good start for merchants to understand PCI compliance is at www.pcisecuritystandards.org. Here merchants can find more information about PCI compliance and answer the required annual questionnaire. In addition, it outlines the steps needed for merchants to submit their IP address for the required quarterly scans.
Most merchants will use their processor’s resource to help them become PCI compliant. The resource for Card/Pay is called Rapid Comply. More information on Rapid Comply can be found on the Support Page of our website. Using Rapid Comply can be an easier and faster way to become PCI compliant. Once a merchant is compliant, Card/Pay will forward their successful compliancy to Visa/MasterCard. In addition, Rapid Comply can be an excellent tool to help merchants understand PCI compliance and speak with live technicians to reduce the time in answering the questionnaire.
EMV (Euro MasterCard Visa) is a standard for all merchants to become compliant with accepting chip enabled cards. This standard is currently set for October 2015 and is mandatory by Visa/MasterCard. Accepting chip enabled cards requires additional hardware. Instead of swiping cards using the magnetic stripe on the back of the card, the merchant will insert chip enabled cards into the terminal or pin pad. Chip enabled cards are more secure than magnetic stripe cards because the chips that are embedded on these cards are encrypted.
A benefit of accepting chip enabled cards is that these cards are able to initiate a sale to the merchant using contactless payment technology (in some cases, additional hardware may be required). The process of “tapping” the merchant’s hardware uses radio frequencies to communicate with the terminal or pin pad. In addition, smartphones that are capable of storing cardholder information can also “tap” a merchant’s terminal or pin pad and initiate a sale. One advantage of this method is that in the future a merchant may be able to send back a coupon or message to the smartphone for potential marketing purposes.
Other advantages of EMV compliance beyond a more secure payment form are faster transactions, reduction of chargebacks, and an increase in the cardholder’s confidence in using their credit cards at merchant locations. Card/Pay has a number of terminals and pin pads that are EMV compliant. These types of hardware can be found on the Equipment Page of our website.