Plotting a Course for EMV Compliance

Size: px
Start display at page:

Download "Plotting a Course for EMV Compliance"

Transcription

1 Plotting a Course for EMV Compliance

2 Plotting a Course for EMV Compliance PCI compliance...emv compliance by now, you ve heard repeatedly that your store or restaurant must be EMV-compliant by the recently passed October 1, 2015 deadline or else. You know that a lack of compliance puts you at risk of financial liability for fraudulent card-present transactions as well as possible penalties and sanctions imposed by the card networks. You understand the other benefits of boarding the EMV train. Now, all you want to do is to achieve EMV compliance, and all you want to know is how to get there. In this ebook, we ll explain the facts and lay out a roadmap to follow so that your business is EMVcompliant AS SOON AS POSSIBLE and is protected in the event of a security breach by being fully PCI compliant. Let s get started. 2

3 How the Liability Shift Affects Transactions, Where PCI Comes In and Some Myth-Busting In general, as of October 1, 2015, liability for card-present transactions (transactions completed in a brick-and-mortar establishment rather than online) moves from the card issuer to the merchant that is, unless the merchant has upgraded its POS hardware and software to accept chip cards manufactured in line with the EMV standard. However, the similarities in the way the liability shift impacts transactions stops here, because EMV parameters differ from card brand to card brand. For example, starting on the liability shift date, MasterCard will exempt merchants from 100 percent of account data compromise penalties if at least 95 percent of MasterCard transactions that originate in their stores are handled on EMV-compliant POS terminals. By contrast, as of that same date, Visa will simply hold whichever party is the cause for a chip-card transaction not occurring in other words, a merchant whose terminals are not EMV-compliant responsible for any losses stemming from fraudulent transactions occurring in its store(s). American Express will transfer liability for certain types of fraudulent transactions away from the party that has the most secure form of EMV technology. 3

4 Parameters also differ when it comes to the relationship between EMV compliance and compliance with the Payment Card Industry Data Security Standards (PCI DSS). On October 1, 2012, Visa began providing PCI audit relief to merchants if more than 75 percent of their Visa transactions originate from EMV-compliant POS terminals. MasterCard started offering the same, using the identical parameters. But beginning on October 1, 2013, only American Express released merchants from PCI DSS reporting requirements if their POS locations where at least 75 percent of their transactions occur are enabled to process American Express EMV-based contact and contactless transactions. It s important not only to understand how PCI compliance touches EMV compliance, but also to dispel a few common PCI compliance-related misconceptions. Unless you know the truth behind these three misconceptions, achieving EMV compliance will be difficult, if not impossible. Myth: My POS provider is PCI-compliant, so I m PCI-compliant. Reality: Software vendors and other entities that develop payment applications are subject to different data security standards than merchants. As a payment application (PA) provider, your POS company MUST be compliant with the latest version of PCI PA-DSS (PCI PA-DSS Version 3.1). But to be fully PCI compliant, you the merchant MUST meet all of the merchant requirements of PCI DSS 3.1 to achieve POS compliance from your side. Myth: PCI DSS is only a recommendation and not a requirement. Reality: PCI DSS are mandates enforced by all payment brands. Every entity that stores, processes, or transmits any information recorded on credit and debit cards must adhere to the standards. Those that do not are subject to fines and the enforcement of more stringent PCI DSS compliance requirements (and the accompanying costs). Suspension or expulsion from card processing networks for non-compliance with the PCI DSS is also possible. Myth: My operation doesn t process many credit card transactions, so I m exempt from compliance. Reality: No matter the number of credit card transactions you process in your store or restaurant, PCI DSS requirements apply. So, too, do the consequences of non-compliance. 4

5 Navigating the Bumpy Road to EMV Compliance Now that you understand how the EMV liability shift affects transactions and where PCI comes into play (we ll cover more of the latter later on in this ebook), it s time to get on the road to EMV compliance. Let s break it down into six steps. 1 Examine Your Existing Hardware Terminals and peripherals: Make a list of the POS equipment you have, so you can do a fair comparison when you shop for new hardware that handles EMV transactions. Do you have standalone terminals with separate magnetic stripe readers and/or PIN pads? Do you have a pre-configured, canned software package that works with your existing POS terminals (or electronic cash register, if you still have one?)? Is your POS configuration a more customized one? Mobile payments: Is your operation equipped to accept mobile payments? If so, and if mobile payments are processed on your POS terminals using near-field communications (NFC), you re at an advantage EMV-wise because NFC is an enabling technology for contactless chip card payments. If you don t accept mobile payments, consider doing so. Increasingly, consumers want to make mobile payments from NFC-enabled smartphones and may defect to a competitor if you don t offer a mobile payment option. Now is a great time to go mobile if you re already upgrading for EMV. Why upgrade again in the next few years and pay the financial price if you can do it all now? 5

6 2 Approach Payment Processors and POS Vendors About Options Vendors and payment processors have been working diligently to develop EMV-compliant hardware and software, including: Non-integrated POS: These comprise standalone terminals and peripherals e.g., a POS terminal with a separate PIN pad. Semi-integrated POS: In a semi-integrated environment, the terminal or peripheral device used to capture credit card data is connected to the POS application. However, the application used to actually process card payments resides on a separate device. Fully integrated POS: In fully integrated POS configurations, no separate device hosts the payment processing application, all elements are linked with each other. 3 Get a Handle on Terminal Certification Requirements EMV Level 3 Certification Required EMV-enabled terminals and accompanying POS software must be certified by EMVCo, an organization that manages, maintains, and advances EMV specifications and handles testing and similar tasks related to EMV. Level One and Level Two Certification: Level One and Level Two certification testing assesses and attests to the security of the technology in question, as well as to its interoperability with other hardware/software brands. Apps designed to facilitate EMV adoption must also be evaluated and vetted via Level One and Level Two certification testing. Level Three Certification: Level Three Certification testing involves assessments of every type of transaction a given terminal can perform to ensure the unit s integrity. These assessments are performed by the payment processor, acquirer, and, if applicable, the independent software vendor (ISV). Regardless of whether you have a stand-alone terminal, a generic point of sale solution, or a customer specific solution, you re going to need an EMV Level 3 Certification. A couple of things to keep in mind about Level 3 approval: 1. Level 3 Certification can take anywhere from four to eight weeks to finalize. 2. Any changes made to your solution will force the provider to go through a recertification. Consult with your payment processors, acquirers and ISVs for advice about what s involved for you to become EMV Level 3 certified. 6

7 4 Select and Purchase New Hardware In doing so, consider: Budget: By most estimates, the price of EMV-compliant hardware can range from $100 to nearly $1,000 per terminal, depending on the extent of equipment needed. Software upgrades are extra and can raise the price considerably. Business needs and wants: Make a list of features and components that you must have versus those that would be nice to have. For example, there are two kinds of chip cards: chip-and-pin, and chip-and-signature. Chip-and-PIN cards are verified by reading chip and the entry of the customer s PIN; chip-and-signature transactions, through reading the chip and the cardholder s signature. Issuers decide which type of cards to distribute. Most chip cards issued in the U.S. are of the chip-and-signature variety, but a majority of those issued abroad are chip-and-pin cards. If you cater to many visitors from abroad, POS technology that accommodates chip-and-pin is a must-have; otherwise, it may be nice to have. Future growth: Your EMV-compliant system should be scalable, so as to minimize additional expenditures down the road. 7

8 5 Ensure Proper Staff Training Implementing any new equipment means training staff on how to use it and EMV-compliant POS hardware is no exception. Instruct employees to enter transaction amounts before customers insert their credit or debit cards into the card reader. Employees must also be told to insert EMV cards chip end first, with the chip side facing upward, and to leave cards in the terminal for the entire duration of the transaction. Tips must also be entered at this time rather than manually added after the actual transaction has been processed. This poses a problem for table service restaurants. For traditional pay-at-the-table establishments, a rugged tablet POS device that is EMV-enabled is the best solution. Most, if not all, terminals and EMVenabled devices emit a sound to indicate that a transaction is complete. 6 Educate Customers Making the switch from swiping their cards to inserting them into a terminal, (and allowing them to remain throughout the transaction), is a big change for most consumers, making customer education about EMV a must. Consider using signage to communicate the stepby-step EMV transaction process for example: Step 1: Insert your card chip-first, with the chip side up. Step 2: Enter your PIN or add your signature when prompted. Step 3: Leave your card in the terminal until you hear the beep. Step 4: Don t forget to remove your card when the beep sounds. Additionally, ask all staff members to encourage customers to use the new EMV-compliant technology, and to walk them through the process step-by-step if they appear at all uncomfortable about it. Customers comfort level with performing chip-card transactions will also be higher if employees can properly answer their questions. Role-playing exercises that show staff members the best way to respond to questions should be incorporated into employee training. 8

9 Understanding the Bigger Picture: EMV and PCI Clearly, migrating to POS technology that can handle EMV transactions is an important step for retailers and restaurant operators alike. However, as mentioned above, EMV is only a piece of the larger PCI puzzle and achieving PCI compliance doesn t mean simply deploying an EMVenabled terminal or terminals. It also entails adhering to another 12 requirements designed to enhance data security throughout the entire transaction, from the card reader to the POS server, and from the moment transaction data is captured at the POS to the time of settlement. These 12 requirements, which should be accounted for when upgrading hardware and software on the road to EMV compliance, encompass the following: 1. Install and maintain a firewall to protect cardholder data. This prevents hackers from gaining access to the network on which cardholder data travels from payment terminals to the point where transactions are processed. 2. Do not use vendor-supplied default passwords for any store system or network. Generate your own passwords. Change them regularly. 3. Safeguard stored cardholder data. Encryption is one way to do this. 4. Encrypt transmission of cardholder data across open public networks. 5. Protect all systems against malware. Regularly update anti-virus software and programs. 6. Develop and secure systems and applications. Create and follow a schedule of maintenance for each one. 7. Restrict access to cardholder data by business need-to-know. If an employee s responsibilities do not necessitate access to cardholder data, configure your software so that that individual cannot view such information. For example, while a restaurant manager would need to see customers card numbers for certain business purposes, a server or runner would not. 8. Develop and implement rules and policies that govern user-specific and guest-access to your systems. 9. Restrict physical access to cardholder data, for example, by locking up hardware (laptops, etc.) that contains such data. 10. Track and monitor all access to network resources and cardholder data. 11. Regularly test security systems and processes. 12. Develop and maintain a policy that addresses information security as it pertains to all staff members. Conclusion Migrating to EMV and then to full PCI compliance is a process that doesn t have to be painful! Working with experts can save you (a lot of) time, (tons of) effort and for sure down-the-line costs. Fortunately, as EMV/PCI/POS experts, we re here to help you every step of the way. For more information and to get the answers to all your EMV and PCI questions, call us today at

What is EMV? What is different?

What is EMV? What is different? U.S. consumers are receiving new debit and credit cards with embedded chip technology that better stores and protects cardholder information. These new chip cards are part of the new card standard, Europay,

More information

EMV and Small Merchants:

EMV and Small Merchants: September 2014 EMV and Small Merchants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service

More information

EMV and Restaurants: What you need to know. Mike English. October 2014. Executive Director, Product Development Heartland Payment Systems

EMV and Restaurants: What you need to know. Mike English. October 2014. Executive Director, Product Development Heartland Payment Systems October 2014 EMV and Restaurants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service marks

More information

NAVIGATING THE PAYMENTS AND SECURITY LANDSCAPE

NAVIGATING THE PAYMENTS AND SECURITY LANDSCAPE NAVIGATING THE PAYMENTS AND SECURITY LANDSCAPE Payment disruptions impacting restaurant owners today An NCR Hospitality white paper Almost every month we hear a news story about another data breach that

More information

Introductions 1 min 4

Introductions 1 min 4 1 2 1 Minute 3 Introductions 1 min 4 5 2 Minutes Briefly Introduce the topics for discussion. We will have time for Q and A following the webinar. 6 Randy - EMV History / Chip Cards /Terminals 5 Minutes

More information

Credit Card Processing, Point of Sale, ecommerce

Credit Card Processing, Point of Sale, ecommerce Credit Card Processing, Point of Sale, ecommerce Compliance, Self Auditing, and More John Benson Kurt Willey HACKS REGULATIONS Greater Risk for Merchants Topics Compliance Changes Scans Self Audits

More information

PCI DSS COMPLIANCE DATA

PCI DSS COMPLIANCE DATA PCI DSS COMPLIANCE DATA AND PROTECTION EagleHeaps FROM CONTENTS Overview... 2 The Basics of PCI DSS... 2 PCI DSS Compliance... 4 The Solution Provider Role (and Accountability).... 4 Concerns and Opportunities

More information

What Every Business Should Know About PCI Compliance

What Every Business Should Know About PCI Compliance What Every Business Should Know About PCI Compliance www.bullseyetelecom.com As technology advances, identity thieves are also finding easier ways to steal vital information such as credit card data. Businesses

More information

A Brand New Checkout Experience

A Brand New Checkout Experience A Brand New Checkout Experience EMV Transformation EMV technology is transforming the U.S. payment industry, bringing a whole new experience to the checkout counter. Introduction What is EMV? It s 3 small

More information

A Brand New Checkout Experience

A Brand New Checkout Experience A Brand New Checkout Experience EMV Transformation EMV technology is transforming the U.S. payment industry, bringing a whole new experience to the checkout counter. Introduction What is EMV? It s 3 small

More information

TNHFMA 2011 Fall Institute October 12, 2011 TAKING OUR CUSTOMERS BUSINESS FORWARD. The Cost of Payment Card Data Theft and Your Business

TNHFMA 2011 Fall Institute October 12, 2011 TAKING OUR CUSTOMERS BUSINESS FORWARD. The Cost of Payment Card Data Theft and Your Business TAKING OUR CUSTOMERS BUSINESS FORWARD The Cost of Payment Card Data Theft and Your Business Aaron Lego Director of Business Development Presentation Agenda Items we will cover: 1. Background on Payment

More information

toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard

toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard Table of Contents For more than 40 years, merchants and consumers have used magnetic stripe credit cards and compatible

More information

Credit Card Processing Overview

Credit Card Processing Overview CardControl 3.0 Credit Card Processing Overview Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new

More information

P R O G R E S S I V E S O L U T I O N S

P R O G R E S S I V E S O L U T I O N S PCI DSS: PCI DSS is a set of technical and operational mandates designed to ensure that all organizations that process, store or transmit credit card information maintain a secure environment and safeguard

More information

Chip Card (EMV ) CAL-Card FAQs

Chip Card (EMV ) CAL-Card FAQs U.S. Bank Chip Card (EMV ) CAL-Card FAQs Below are answers to some frequently asked questions about the migration to U.S. Bank chipenabled CAL-Cards. This guide can help ensure that you are prepared for

More information

Flexible and secure. acceo tender retail. payment solution. tender-retail.acceo.com

Flexible and secure. acceo tender retail. payment solution. tender-retail.acceo.com Flexible and secure payment solution acceo tender retail payment solution tender-retail.acceo.com Take control of your payment transactions ACCEO Tender Retail is a specialized middleware that handles

More information

CardControl. Credit Card Processing 101. Overview. Contents

CardControl. Credit Card Processing 101. Overview. Contents CardControl Credit Card Processing 101 Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new and old

More information

Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions

Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions PCI/PA-DSS FAQs Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions What is PCI DSS? The Payment Card Industry Data

More information

U.S. Bank. U.S. Bank Chip Card FAQs for Program Administrators. In this guide you will find: Explaining Chip Card Technology (EMV)

U.S. Bank. U.S. Bank Chip Card FAQs for Program Administrators. In this guide you will find: Explaining Chip Card Technology (EMV) U.S. Bank U.S. Bank Chip Card FAQs for Program Administrators Here are some frequently asked questions Program Administrators have about the replacement of U.S. Bank commercial cards with new chip-enabled

More information

SellWise User Group. Thursday, February 19, 2015

SellWise User Group. Thursday, February 19, 2015 SellWise User Group Thursday, February 19, 2015 Slides and recording posted on scouting.org/financeimpact Look on the Council Fiscal Management Tab, then look at the bottom left for Sellwise Support/User

More information

EMV : Frequently Asked Questions for Merchants

EMV : Frequently Asked Questions for Merchants EMV : Frequently Asked Questions for Merchants The information in this document is offered on an as is basis, without warranty of any kind, either expressed, implied or statutory, including but not limited

More information

EMV Frequently Asked Questions for Merchants May, 2014

EMV Frequently Asked Questions for Merchants May, 2014 EMV Frequently Asked Questions for Merchants May, 2014 Copyright 2014 Vantiv All rights reserved. Disclaimer The information in this document is offered on an as is basis, without warranty of any kind,

More information

Save Money on Credit Card Processing. So how do you save money on credit card processing? It is a very simple process.

Save Money on Credit Card Processing. So how do you save money on credit card processing? It is a very simple process. My main responsibility as a Regional Account Manager for IMD is obtain the absolute lowest possible merchant fees for you as a business. Why? The more customers we can save money, the more volume of business

More information

EMV: Preparing for the shift

EMV: Preparing for the shift EMV: Preparing for the shift The impending shift in liability for card-present fraud is driving a transition to EMV, which comes replete with new retail IT requirements and consumer-facing changes to the

More information

WHITE PAPER. PCI Basics: What it Takes to Be Compliant

WHITE PAPER. PCI Basics: What it Takes to Be Compliant WHITE PAPER PCI Basics: What it Takes to Be Compliant Introduction A long-running worldwide advertising campaign by Visa states that the card is accepted everywhere you want to be. Unfortunately, and through

More information

Heartland Secure. By: Michael English. A Heartland Payment Systems White Paper 2014. Executive Director, Product Development

Heartland Secure. By: Michael English. A Heartland Payment Systems White Paper 2014. Executive Director, Product Development A Heartland Payment Systems White Paper 2014 Heartland Secure. By: Michael English Executive Director, Product Development 2014 Heartland Payment Systems. All trademarks, service marks and trade names

More information

Preparing for EMV chip card acceptance

Preparing for EMV chip card acceptance Preparing for EMV chip card acceptance Ben Brown Vice President, Regional Sales Manager, Wells Fargo Merchant Services Lily Page Vice President, Wholesale ereceivables, Wells Fargo Merchant Services June

More information

The Cost of Payment Card Data Theft and Your Business. Aaron Lego Director of Business Development

The Cost of Payment Card Data Theft and Your Business. Aaron Lego Director of Business Development The Cost of Payment Card Data Theft and Your Business Aaron Lego Director of Business Development Presentation Agenda Items we will cover: 1. Background on Payment Card Industry Data Security Standards

More information

Mobile Near-Field Communications (NFC) Payments

Mobile Near-Field Communications (NFC) Payments Mobile Near-Field Communications (NFC) Payments OCTOBER 2013 GENERAL INFORMATION American Express continues to develop its infrastructure and capabilities to support growing market interest in mobile payments

More information

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows: What is PCI DSS? PCI DSS is an acronym for Payment Card Industry Data Security Standards. PCI DSS is a global initiative intent on securing credit and banking transactions by merchants & service providers

More information

THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP

THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP WHERE IS THE U.S. PAYMENT CARD INDUSTRY NOW? WHERE IS IT GOING? Today, payment and identification cards of all types (credit

More information

Card Network Update Chip (EMV) Acceptance in the United States At-A-Glance

Card Network Update Chip (EMV) Acceptance in the United States At-A-Glance Card Network Update Chip (EMV) Acceptance in the United States At-A-Glance Allegiance Merchant Services is committed to assisting you in navigating through the various considerations that you may face

More information

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect

More information

University Policy Accepting Credit Cards to Conduct University Business

University Policy Accepting Credit Cards to Conduct University Business BROWN UNIVERSITY University Policy Accepting Credit Cards to Conduct University Business Purpose Brown University requires all departments that are involved with credit card handling to do so in compliance

More information

What Merchants Need to Know About EMV

What Merchants Need to Know About EMV Effective November 1, 2014 1. What is EMV? EMV is the global standard for card present payment processing technology and it s coming to the U.S. EMV uses an embedded chip in the card that holds all the

More information

Introduction to PCI DSS

Introduction to PCI DSS Month-Year Introduction to PCI DSS March 2015 Agenda PCI DSS History What is PCI DSS? / PCI DSS Requirements What is Cardholder Data? What does PCI DSS apply to? Payment Ecosystem How is PCI DSS Enforced?

More information

Are You Ready For PCI v 3.0. Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014

Are You Ready For PCI v 3.0. Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014 Are You Ready For PCI v 3.0 Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014 Today s Presenter Corbin Del Carlo QSA, PA QSA Director, National Leader PCI Services Practice 847.413.6319

More information

U.S. House Small Business Committee. On Behalf of the National Grocers Association. October 6, 2015

U.S. House Small Business Committee. On Behalf of the National Grocers Association. October 6, 2015 U.S. House Small Business Committee On Behalf of the National Grocers Association October 6, 2015 The National Grocers Association (NGA) appreciates the opportunity to submit comments for the record to

More information

PAI Secure Program Guide

PAI Secure Program Guide PAI Secure Program Guide A complete guide to understanding the Payment Card Industry Data Security Requirements and utilizing the PAI Secure Program. Letter From the CEO Welcome to PAI Secure. As you

More information

EMV in Hotels Observations and Considerations

EMV in Hotels Observations and Considerations EMV in Hotels Observations and Considerations Just in: EMV in the Mail Customer Education: Credit Card companies have already started customer training for the new smart cards. 1 Questions to be Answered

More information

The Comprehensive, Yet Concise Guide to Credit Card Processing

The Comprehensive, Yet Concise Guide to Credit Card Processing The Comprehensive, Yet Concise Guide to Credit Card Processing Written by David Rodwell CreditCardProcessing.net Terms of Use This ebook was created to provide educational information regarding payment

More information

Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance

Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance March 29, 2012 1:00 p.m. ET If you experience any technical difficulties, please contact 888.228.0988 or support@learnlive.com

More information

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008 Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008 What is the PCI DSS? And what do the acronyms CISP, SDP, DSOP and DISC stand for? The PCI DSS is a set of comprehensive requirements

More information

PCI 3.1 Changes. Jon Bonham, CISA Coalfire System, Inc.

PCI 3.1 Changes. Jon Bonham, CISA Coalfire System, Inc. PCI 3.1 Changes Jon Bonham, CISA Coalfire System, Inc. Agenda Introduction of Coalfire What does this have to do with the business office Changes to version 3.1 EMV P2PE Questions and Answers Contact Information

More information

PCI Compliance Overview

PCI Compliance Overview PCI Compliance Overview 1 PCI DSS Payment Card Industry Data Security Standard Standard that is applied to: Merchants Service Providers (Banks, Third party vendors, gateways) Systems (Hardware, software)

More information

THE ROAD TO U.S. EMV MIGRATION Information and Strategies to Help Your Institution Make the Change

THE ROAD TO U.S. EMV MIGRATION Information and Strategies to Help Your Institution Make the Change THE ROAD TO U.S. EMV MIGRATION Information and Strategies to Help Your Institution Make the Change Advancements in technological capabilities, along with increasing levels of counterfeit fraud, led the

More information

PCI DSS Compliance Services January 2016

PCI DSS Compliance Services January 2016 PCI DSS Compliance Services January 2016 20160104-Galitt-PCI DSS Compliance Services.pptx Agenda 1. Introduction 2. Overview of the PCI DSS standard 3. PCI DSS compliance approach Copyright Galitt 2 Introduction

More information

Practically Thinking: What Small Merchants Should Know about EMV

Practically Thinking: What Small Merchants Should Know about EMV Practically Thinking: What Small Merchants Should Know about EMV 1 Practically Thinking: What Small Merchants Should Know About EMV Overview Savvy business owners know that payments are about more than

More information

Project Title slide Project: PCI. Are You At Risk?

Project Title slide Project: PCI. Are You At Risk? Blank slide Project Title slide Project: PCI Are You At Risk? Agenda Are You At Risk? Video What is the PCI SSC? Agenda What are the requirements of the PCI DSS? What Steps Can You Take? Available Services

More information

PCI and EMV Compliance Checkup

PCI and EMV Compliance Checkup PCI and EMV Compliance Checkup ATM Security Jim Pettitt Director, ATM Security Diebold Incorporated Agenda ATM threats today Top of mind risk PCI Impact on Security U.S. EMV Migration Conclusions / recommendations

More information

Frequently Asked Questions

Frequently Asked Questions PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply

More information

PCI Data Security Standards. Presented by Pat Bergamo for the NJTC February 6, 2014

PCI Data Security Standards. Presented by Pat Bergamo for the NJTC February 6, 2014 PCI Data Security Standards Presented by Pat Bergamo for the NJTC February 6, 2014 Introduction 3/3/2014 2 Your Speaker Patrick Bergamo, CISSP Director of Information Security & Delivery Delta Corporate

More information

/ BROCHURE / CHECKLIST: PCI/ISO COMPLIANCE. By Melbourne IT Enterprise Services

/ BROCHURE / CHECKLIST: PCI/ISO COMPLIANCE. By Melbourne IT Enterprise Services / BROCHURE / CHECKLIST: PCI/ISO COMPLIANCE By Melbourne IT Enterprise Services CHECKLIST: PCI/ISO COMPLIANCE If your business handles credit card transactions then you ve probably heard of the Payment

More information

Payment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc.

Payment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc. Payment Methods The cost of doing business Michelle Powell - BASYS Processing, Inc. You ve got to spend money, to make money Major Industry Topics Industry Process Flow PCI DSS Compliance Risks of Non-Compliance

More information

PLACE GROUP UK LONDON STUDENT HOUSING GROUP PAYMENT CARD INDUSTRY DATA SECURITY STANDARD COMPLIANCE STATEMENT PCI DSS (09) VERSION: 2009PCIDSSP4S01

PLACE GROUP UK LONDON STUDENT HOUSING GROUP PAYMENT CARD INDUSTRY DATA SECURITY STANDARD COMPLIANCE STATEMENT PCI DSS (09) VERSION: 2009PCIDSSP4S01 PLACE GROUP UK LONDON STUDENT HOUSING GROUP PAYMENT CARD INDUSTRY DATA SECURITY STANDARD COMPLIANCE STATEMENT PCI DSS (09) VERSION: 2009PCIDSSP4S01 Information updated: 21 October 2012 SAFEGUARDING CARDHOLDER

More information

NEWS BULLETIN 2015-16

NEWS BULLETIN 2015-16 NEWS BULLETIN Maine Automobile Dealers Association 180 Civic Center Drive P. O. Box 2667 Augusta, Maine 04338-2667 DIAL 623-3882 e-mail:info@maineautodealers.com FAX 623-2318 DISTRIBUTION General Manager

More information

Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS)

Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS) Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS) What is PCI DSS? The 12 Requirements Becoming compliant with SaferPayments Understanding the jargon SaferPayments Be smart.

More information

PCI-DSS: A Step-by-Step Payment Card Security Approach. Amy Mushahwar & Mason Weisz

PCI-DSS: A Step-by-Step Payment Card Security Approach. Amy Mushahwar & Mason Weisz PCI-DSS: A Step-by-Step Payment Card Security Approach Amy Mushahwar & Mason Weisz The PCI-DSS in a Nutshell It mandates security processes for handling, processing, storing and transmitting payment card

More information

SECURITY FIRST: CLARITY ON PCI COMPLIANCE

SECURITY FIRST: CLARITY ON PCI COMPLIANCE WHITE PAPER CLOUD HOSTING. SECURED. SECURITY FIRST: CLARITY ON PCI COMPLIANCE WWW.SERVERCHOICE.COM SECURITY FIRST: CLARITY ON PCI COMPLIANCE This Security First white paper provides an illustrated view

More information

EMV and Chip Cards Key Information On What This Is, How It Works and What It Means

EMV and Chip Cards Key Information On What This Is, How It Works and What It Means EMV and Chip Cards Key Information On What This Is, How It Works and What It Means Document Purpose This document is intended to provide information about the concepts behind and the processes involved

More information

Your Reference Guide to EMV Integration: Understanding the Liability Shift

Your Reference Guide to EMV Integration: Understanding the Liability Shift Your Reference Guide to EMV Integration: Understanding the Liability Shift UNDERSTANDING EMV EMVCo was formed in February 1999 by Europay, MasterCard and Visa to establish and maintain global interoperability

More information

Payment Card Industry (PCI) Data Security Standard. Attestation of Compliance for Self-Assessment Questionnaire C-VT. Version 2.0

Payment Card Industry (PCI) Data Security Standard. Attestation of Compliance for Self-Assessment Questionnaire C-VT. Version 2.0 Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Self-Assessment Questionnaire C-VT Version 2.0 October 2010 Attestation of Compliance, SAQ C-VT Instructions for Submission

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Self-Assessment Questionnaire D Service Providers For use with PCI DSS Version 3.1 Revision 1.1 July 2015 Section 1: Assessment

More information

Trends in Merchant Payment Acceptance

Trends in Merchant Payment Acceptance Trends in Merchant Payment Acceptance December 6, 2007 Credit approval required. Merchant accounts are issued through BB&T Bankcard Corporation, a Georgia Corporation, Member FDIC. 2007 BB&T. All rights

More information

Need to be PCI DSS compliant and reduce the risk of fraud?

Need to be PCI DSS compliant and reduce the risk of fraud? Need to be PCI DSS compliant and reduce the risk of fraud? NCR Security lessens your PCI compliance burden and protects the integrity of your network An NCR White Paper Experience a new world of interaction

More information

Beginner s Guide to Point of Sale

Beginner s Guide to Point of Sale Beginner s Guide to Point of Sale Are you looking to purchase your first restaurant POS system? Interested in switching to a new restaurant POS? Enjoy reading online guides with informative graphics? Our

More information

Target Security Breach

Target Security Breach Target Security Breach Lessons Learned for Retailers and Consumers 2014 Pointe Solutions, Inc. PO Box 41, Exton, PA 19341 USA +1 610 524 1230 Background In the aftermath of the Target breach that affected

More information

EMV mobile Point of Sale (mpos) Initial Considerations

EMV mobile Point of Sale (mpos) Initial Considerations EMV mobile Point of Sale EMV mobile Point of Sale (mpos) Initial Considerations Version 1.1 June 2014 2014 EMVCo, LLC ( EMVCo ). All rights reserved. Any and all uses of the EMV Specifications ( Materials

More information

Understand the Business Impact of EMV Chip Cards

Understand the Business Impact of EMV Chip Cards Understand the Business Impact of EMV Chip Cards 3 What About Mail/Telephone Order and ecommerce? 3 What Is EMV 3 How Chip Cards Work 3 Contactless Technology 4 Background: Behind the Curve 4 Liability

More information

Langara College PCI Awareness Training

Langara College PCI Awareness Training Langara College PCI Awareness Training Have you heard of PCI? Due to the increase of credit card fraud and identity theft, major credit card companies like Visa, MasterCard and Amex have formed a security

More information

PCI: It Never Ends. Why?

PCI: It Never Ends. Why? PCI: It Never Ends. Why? How to stay prepared? Shekar Swamy American Technology Corporation St. Louis, MO January 13, 2011 PCI compliance basics It s all about Data Security 12 major areas of compliance

More information

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. Payment Card Industry Data Security Standard Training Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. March 27, 2012 Agenda Check-In 9:00-9:30 PCI Intro and History

More information

Cash & Banking Procedures

Cash & Banking Procedures Financial Policies and Procedures Cash & Banking Procedures 1 P a g e Contents 1. Banking Procedures 1.1 Receipt of cash and cheques within a department 1.2 Storage/security of cash and cheques within

More information

What are the PCI DSS requirements? PCI DSS comprises twelve requirements, often referred to as the digital dozen. These define the need to:

What are the PCI DSS requirements? PCI DSS comprises twelve requirements, often referred to as the digital dozen. These define the need to: What is the PCI standards council? The Payment Card Industry Standards Council is an institution set-up by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International

More information

OpenEdge Research & Development Group April 2015

OpenEdge Research & Development Group April 2015 2015: Security, Merchant Readiness & the Coming Liability Shift OpenEdge Research & Development Group April 2015 solutions@openedgepay.com openedgepay.com 2015: Security, Merchant Table of Contents The

More information

welcome to liber8:payment

welcome to liber8:payment liber8:payment welcome to liber8:payment Our self-service kiosks free up staff time and improve the overall patron experience. liber8:payment further enhances these benefits by providing the convenience

More information

Sage ERP MAS I White Paper. Payment Processing Trends, Tips, and Tricks: What You Need to Know

Sage ERP MAS I White Paper. Payment Processing Trends, Tips, and Tricks: What You Need to Know I White Paper What You Need to Know Over the past few years, credit and debit card acceptance has come on the scene as a required payment option. Similarly, the number of customers using credit and debit

More information

PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES

PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES CUTTING THROUGH THE COMPLEXITY AND CONFUSION Over the years, South African retailers have come under increased pressure to gain PCI DSS (Payment Card Industry

More information

mobile payment acceptance Solutions Visa security best practices version 3.0

mobile payment acceptance Solutions Visa security best practices version 3.0 mobile payment acceptance Visa security best practices version 3.0 Visa Security Best Practices for, Version 3.0 Since Visa s first release of this best practices document in 2011, we have seen a rapid

More information

CITY OF SAN DIEGO ADMINISTRATIVE REGULATION Number 95.51 PAYMENT CARD INDUSTRY (PCI) COMPLIANCE POLICY. Page 1 of 9.

CITY OF SAN DIEGO ADMINISTRATIVE REGULATION Number 95.51 PAYMENT CARD INDUSTRY (PCI) COMPLIANCE POLICY. Page 1 of 9. 95.5 of 9. PURPOSE.. To establish a policy that outlines the requirements for compliance to the Payment Card Industry Data Security Standards (PCI-DSS). Compliance with this standard is a condition of

More information

John B. Dickson, CISSP October 11, 2007

John B. Dickson, CISSP October 11, 2007 PCI Compliance for Your Organization PCI Compliance for Your Organization John B. Dickson, CISSP October 11, 2007 Learning objectives for today s session Overview of PCI who, what, why Overview of PCI

More information

FOR A BARRIER-FREE PAYMENT PROCESSING SOLUTION

FOR A BARRIER-FREE PAYMENT PROCESSING SOLUTION FOR A BARRIER-FREE PAYMENT PROCESSING SOLUTION MAKE THE SWITCH TO MONEXgroup ecommerce I Mobile I Wireless I Integrated I Countertop Solutions IN-STORE ON-THE-GO ONLINE Accept secure debit and credit card

More information

PCI DSS Compliance. 2015 Information Pack for Merchants

PCI DSS Compliance. 2015 Information Pack for Merchants PCI DSS Compliance 2015 Information Pack for Merchants This pack contains general information regarding PCI DSS compliance and does not take into account your business' particular requirements. ANZ recommends

More information

We believe First Data is well positioned to take advantage of all of these trends given the breadth of our solutions and our global operating

We believe First Data is well positioned to take advantage of all of these trends given the breadth of our solutions and our global operating Given recent payment data breaches, clients are increasingly demanding robust security and fraud solutions; and Financial institutions continue to outsource and leverage technology providers given their

More information

Table of Contents. Overview. What is payment processing? Who s Who. Types of Payment Solutions. Online Transactions. Interchange Process

Table of Contents. Overview. What is payment processing? Who s Who. Types of Payment Solutions. Online Transactions. Interchange Process Overview Credit Card Processing 101 is your go-to handbook for navigating the payments industry. This document provides a quick and thorough understanding on how businesses accept electronic payments,

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C and Attestation of Compliance Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C and Attestation of Compliance Payment Application Connected to Internet, No Electronic Cardholder Data Storage Version

More information

Josiah Wilkinson Internal Security Assessor. Nationwide

Josiah Wilkinson Internal Security Assessor. Nationwide Josiah Wilkinson Internal Security Assessor Nationwide Payment Card Industry Overview PCI Governance/Enforcement Agenda PCI Data Security Standard Penalties for Non-Compliance Keys to Compliance Challenges

More information

Payment Card Industry Data Security Standards

Payment Card Industry Data Security Standards Payment Card Industry Data Security Standards January 19, 2011 Marc S. Reisler, Holland & Knight Copyright 2011 Holland & Knight LLP All Rights Reserved Data Breaches Remain a Serious Concern PCI Standards

More information

La règlementation VisaCard, MasterCard PCI-DSS

La règlementation VisaCard, MasterCard PCI-DSS La règlementation VisaCard, MasterCard PCI-DSS Conférence CLUSIF "LES RSSI FACE À L ÉVOLUTION DE LA RÉGLEMENTATION" 7 novembre 07 Serge Saghroune Overview of PCI DSS Payment Card Industry Data Security

More information

PCI Compliance is More Than a Matter of Dollars (and Sense) Are Your Clients Properly Protected Against Lost or Stolen Data?

PCI Compliance is More Than a Matter of Dollars (and Sense) Are Your Clients Properly Protected Against Lost or Stolen Data? PCI Compliance is More Than a Matter of Dollars (and Sense) Are Your Clients Properly Protected Against Lost or Stolen Data? Overview Every electronic transaction creates an opportunity for unscrupulous

More information

Secure Payments Framework Workgroup

Secure Payments Framework Workgroup Secure Payments Framework Workgroup EMV for the US Hospitality Industry Version 1.0 About HTNG Hotel Technology Next Generation (HTNG) is a non-profit association with a mission to foster, through collaboration

More information

EMV FAQs. Contact us at: CS@VancoPayments.com. Visit us online: VancoPayments.com

EMV FAQs. Contact us at: CS@VancoPayments.com. Visit us online: VancoPayments.com EMV FAQs Contact us at: CS@VancoPayments.com Visit us online: VancoPayments.com What are the benefits of EMV cards to merchants and consumers? What is EMV? The acronym EMV stands for an organization formed

More information

Accepting Payment Cards and ecommerce Payments

Accepting Payment Cards and ecommerce Payments Policy V. 4.1.1 Responsible Official: Vice President for Finance and Treasurer Effective Date: September 29, 2010 Accepting Payment Cards and ecommerce Payments Policy Statement The University of Vermont

More information

2.1.2 CARDHOLDER DATA SECURITY

2.1.2 CARDHOLDER DATA SECURITY University of Oxford Finance Division FINANCIAL POLICY 2.1.2 CARDHOLDER DATA SECURITY Date: 21 March 2013 Version: 2.1.2 Status: Approved Author: Simon Blee Bridget Midwinter TABLE OF CONTENTS Page EXECUTIVE

More information

Payments Transformation - EMV comes to the US

Payments Transformation - EMV comes to the US Accenture Payment Services Payments Transformation - EMV comes to the US In 1993 Visa, MasterCard and Europay (EMV) came together and formed EMVCo 1 to tackle the global challenge of combatting fraudulent

More information

EMV and Restaurants What you need to know! November 19, 2014

EMV and Restaurants What you need to know! November 19, 2014 EMV and Restaurants What you need to know! Mike English Executive Director of Product Development Kristi Kuehn Sr. Director, Compliance November 9, 204 Agenda EMV overview Timelines Chip Card Liability

More information

OpenEdge Research & Development Group April 2015

OpenEdge Research & Development Group April 2015 2015: Development, Merchant Readiness & the Coming Liability Shift OpenEdge Research & Development Group April 2015 developers@openedgepay.com openedgepay.com 2015: Development, Merchant Table of Contents

More information

Payment Card Industry Data Security Standards

Payment Card Industry Data Security Standards Payment Card Industry Data Security Standards PCI DSS Rhonda Chorney Manager, Revenue Capital & General Accounting Today s Agenda 1. What is PCI DSS? 2. Where are we today? 3. Why is compliance so important?

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Standard Attestation of Compliance for Self-Assessment Questionnaire D Service Providers Version 3.1 April 2015 Section 1: Assessment Information Instructions for Submission

More information

PCI Overview. PCI-DSS: Payment Card Industry Data Security Standard

PCI Overview. PCI-DSS: Payment Card Industry Data Security Standard PCI-DSS: Payment Card Industry Data Security Standard Why is this important? Cardholder data and personally identifying information are easy money That we work with this information makes us a target That

More information