CISP Compliance. CounterPoint Helps Retailers Comply with Payment Card Industry (PCI) Data Security Standards... Compliance with CISP

Transcription

1 CISP Compliance Compliance with CISP means compliance with the PCI Data Security Standard with the required program validation. Using the PCI Data Security Standard as its framework, CISP provides the tools and measurements needed to protect against cardholder data exposure and compromise. CounterPoint Helps Retailers Comply with Payment Card Industry (PCI) Data Security Standards... What is CISP Compliance? The Visa Card Holder Information Security Program (CISP) is a subset of PCI that established compliance validation programs for software applications and processing service providers who serve Visa and MasterCard merchants. How does this help with PCI Compliance? The purpose of this validation is to make it easier for merchants to be sure providers are offering solutions which do not violate the merchants PCI compliance requirements. Where can I get more information? You can read more about CISP as it relates to PCI at the following address: CounterPoint s CISP Validation On the following two abbreviated PDF documents, Visa lists all validated applications and providers. The documents are also available from the site referenced above. You will see in these documents that all Radiant Systems applications and services, including CounterPoint, current in their validation testing of CISP compliance. By investing in a CounterPoint system with CISP Compliance, you have the tools available to you to help you meet PCI compliance requirements

2 List of Validated Payment Applications As of The following List of Validated Payment Applications have been assessed for compliance with the Payment Application Best Practices ( PABP ). Only those versions of the application identified in the listing below have been evaluated and determined to comply with PABP. Compliance with the PABP is determined based upon data and information developed by an evaluation of the application by a Qualified Payment Application Security Company ( QPASC ). Although Visa reviews the QPASC-developed data and information, Visa does not independently confirm such data or information nor does Visa perform any tests or analysis of the functionality, performance or suitability of any of the applications and/or products listed. Visa makes no endorsement or recommendation of applications or products, or of their respective developers or distributors. Furthermore, Visa makes no warranties, guarantees or representations that any of the applications or products will meet your requirements for performance or functionality, that the applications or products will be free from errors or malicious code, or that the applications or products will be compatible with any other systems or applications. Any and all representations or warranties, including any and all representations and warranties made by the payment application vendor, are disclaimed by Visa. The information provided herein is provided AS IS with no warranties, expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose and/or non-infringement. The information provided herein is subject to change by Visa, with or without notice. Although Visa makes good faith efforts to provide accurate and complete information, merchants, or anyone else utilizing the information set forth on the following List of Validated Payment Applications remain responsible for confirming the accuracy of the information set forth below, including but not limited to, confirming with the appropriate payment application vendor that the version of the application identified below is in compliance with PABP. Use of any one or more of the applications below (i) does not guarantee or ensure compliance with the PCI DSS; and (ii) does not satisfy any Acquirers obligation to perform their own evaluation and due diligence, to ensure the PCI DSS compliance of their merchants and agents. PABP reviews are valid for one year, with annual attestation due to Visa one year from the below VALIDATION DATE. Attestations that are from 1-60 days late are noted in yellow and reports that are from days late are noted in red. Entities with reports over 90 days past due will be removed from this list. (1) An annual validation is required for those payment applications with major upgrade or product version changes. If there are no changes to the product, Visa will require a letter signed by an Officer of the software company indicating no changes to the payment application and continued adherence to the Payment Application Best Practices. Visa will note that there were no changes to the product Visa U.S.A List of Validated Payment Applications 2007 Visa Inc. 1

3 PAYMENT APPLICATION VENDOR Princeton Payment Solutions m Quest Retail Radiant Systems PAYMENT APPLICATION APPLICATION VERSION VALIDATION DATE (1) ASSESSOR DESCRIPTION December 15, Labs Dial-to-IP and Serialto-IP converter and router to facilitate the transmission of transactions from an existing terminal across the Internet PayWare NET/ERP 4.3 June 20, 2006 Quest Manager (Quest Venue Manager, Quest Enterprise Manager, Quest Hospitality Manager) Aloha Suite Middleware solutions for large merchants 1.5 Coalfire Systems POS software solution designed for large stadiums or event venues with the need of centralized POS and payment processing 6.1 August 30, March 24, 2005 CounterPoint 7 December 15, 2007 CounterPoint SQL December 15, 2007 Exhibitor POS Suite November 15, April 11, 2006 table and quick service industry Formerly Synchronics. A point-of-sale and inventory management system suitable for businesses of all sizes that need to manage, consolidate and distribute information across many locations. The application also includes features designed to meet the specific needs of wholesale distributors and mail order business movie theatre / entertainment industry Lighthouse Suite November 15, 2007 quick service restaurants QSR POS Suite December 15, 2007 quick service restaurants RPOS PCS 6.6 July 7, 2006 petroleum and retail (1) An annual validation is required for those payment applications with major upgrade or product version changes. If there are no changes to the product, Visa will require a letter signed by an Officer of the software company indicating no changes to the payment application and continued adherence to the Payment Application Best Practices. Visa will note that there were no changes to the product Visa U.S.A List of Validated Payment Applications 2007 Visa Inc. 21

4 Visa U.S.A. Cardholder Information Security Program (CISP) List of Compliant Service Providers As Of The companies listed below successfully completed a CISP review based on the PCI Data Security Standard. The "VALIDATION DATE" is the date of last compliance. CISP reviews are valid for one year, with the next annual report due to Visa one year from the "VALIDATION DATE". Reports that are from 1-60 days late are noted in yellow and reports that are from days late are noted in red. Entities with reports over 90 days past due are removed from this list. It is the member's responsibility to use compliant service providers and to follow up with service providers if there are any questions about their compliance status. Visa U.S.A. Cardholder Information Security Program (CISP) List of Compliant Service Providers - All SERVICE PROVIDER VALIDATION DATE SERVICES COVERED BY REVIEW (1) ASSESSOR 1ShoppingCart.com Internet Security Metrics 1st Americard Merchant Payment Services 3Delta Systems July 31, 2007 Merchant Payment Services Fortrex Technologies 3Pea Technologies, Inc Prepaid Card Processing A3 IT Solutions Managed Hosting Academy Collection Service Debt Collection Agency Accel Networks January 31, 2008 Wireless AccountNow July 31, 2007 Account Management Services Accretive Commerce Direct Marketing Order Fulfillment RSM McGladrey ACH Direct Merchant RSM McGladrey ACI Worldwide Merchant, Inc ACS Government and Community Solutions April 30, 2007 Jefferson Wells Acxiom ICS/BNS Core & ISC/BNS Proprietary Bankruptcy Notification Services Adeptra Fraud and Chargeback Services Adteractive, Inc. February 28, 2008 Merchant Digital Marketing Digital Resources Group (DRG) Aegis Communications K3DES Affinity Solutions Loyalty Programs (1) CISP reviews represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Inclusion on this list indicates only that the service provider successfully completed a CISP assessment following requirements prescribed for their CISP Level, based on the report of an independent security assessor. Visa does not endorse the service providers or their business processes or practices. Visa has no duty to Members, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report Visa U.S.A. Inc. 1 of 20

5 Visa U.S.A. Cardholder Information Security Program (CISP) List of Compliant Service Providers - All SERVICE PROVIDER VALIDATION DATE SERVICES COVERED BY REVIEW (1) ASSESSOR PEMCO Coalfire PeopleSupport GCA PeopleSupport-Costa Rica PFSweb, Inc. Order Fulfillment Pipeline Data Planet eshop Information Exchange Planet Payment Multi-Currency Plug & Pay Technologies, Inc. Internet POS Portal August 31, 2007 Merchant Coalfire POST Integrations, Inc. CyberTrust Prairie Systems, Inc. Payment Gateway Preferred Health Premiere Global Services Records Management Presto ATM Processing Priority Payment Systems Merchant Process America Information Exchange Profit Margins, Inc. Direct Marketing ProfitStars April 30, 2007 Progressive Distribution Merchant Janus Associates Propco Marketing PropertyBridge Merchant PSCU Financial Services, Inc. February 28, 2008 Bill Dispute Resolution Verizon Business PSIGate Internet Payment Gateway Qgiv QS/1 Quantum Services Payment Gateway Raven Eye Quickbooks Merchant Services Merchant Radiant Systems Rainbow Rewards Rewards/Gift Card Programs RBS Lynk (1) CISP reviews represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Inclusion on this list indicates only that the service provider successfully completed a CISP assessment following requirements prescribed for their CISP Level, based on the report of an independent security assessor. Visa does not endorse the service providers or their business processes or practices. Visa has no duty to Members, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report Visa U.S.A. Inc. 15 of 20