CISP Compliance. CounterPoint Helps Retailers Comply with Payment Card Industry (PCI) Data Security Standards... Compliance with CISP


CISP Compliance

Compliance with CISP means compliance with the PCI Data Security Standard with the required program validation. Using the PCI Data Security Standard as its framework, CISP provides the tools and measurements needed to protect against cardholder data exposure and compromise.

CounterPoint Helps Retailers Comply with Payment Card Industry (PCI) Data Security Standards...

What is CISP Compliance?

The Visa Card Holder Information Security Program (CISP) is a subset of PCI that established compliance validation programs for software applications and processing service providers who serve Visa and MasterCard merchants.

How does this help with PCI Compliance?

The purpose of this validation is to make it easier for merchants to be sure providers are offering solutions which do not violate the merchants' PCI compliance requirements.

Where can I get more information?

You can read more about CISP as it relates to PCI at the following address: http://usa.visa.com/merchants/risk_management/cisp.html

CounterPoint's CISP Validation

On the following two abbreviated PDF documents, Visa lists all validated applications and providers. The documents are also available from the site referenced above. You will see in these documents that all Radiant Systems applications and services, including CounterPoint, are current in their validation testing of CISP compliance. By investing in a CounterPoint system with CISP Compliance, you have the tools available to you to help you meet PCI compliance requirements.

877.484.7382 www.accelerando.net

List of Validated Payment Applications As of

The following List of Validated Payment Applications have been assessed for compliance with the Payment Application Best Practices (PABP). Only those versions of the application identified in the listing below have been evaluated and determined to comply with PABP. Compliance with the PABP is determined based upon data and information developed by an evaluation of the application by a Qualified Payment Application Security Company (QPASC). Although Visa reviews the QPASC-developed data and information, Visa does not independently confirm such data or information nor does Visa perform any tests or analysis of the functionality, performance or suitability of any of the applications and/or products listed.

Visa makes no endorsement or recommendation of applications or products, or of their respective developers or distributors. Furthermore, Visa makes no warranties, guarantees or representations that any of the applications or products will meet your requirements for performance or functionality, that the applications or products will be free from errors or malicious code, or that the applications or products will be compatible with any other systems or applications. Any and all representations or warranties, including any and all representations and warranties made by the payment application vendor, are disclaimed by Visa. The information provided herein is provided AS IS with no warranties, expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose and/or non-infringement. The information provided herein is subject to change by Visa, with or without notice.

Although Visa makes good faith efforts to provide accurate and complete information, merchants, or anyone else utilizing the information set forth on the following List of Validated Payment Applications remain responsible for confirming the accuracy of the information set forth below, including but not limited to, confirming with the appropriate payment application vendor that the version of the application identified below is in compliance with PABP. Use of any one or more of the applications below (i) does not guarantee or ensure compliance with the PCI DSS; and (ii) does not satisfy any Acquirers' obligation to perform their own evaluation and due diligence, to ensure the PCI DSS compliance of their merchants and agents.

PABP reviews are valid for one year, with annual attestation due to Visa one year from the below VALIDATION DATE. Attestations that are from 1-60 days late are noted in yellow and reports that are from 60-90 days late are noted in red. Entities with reports over 90 days past due will be removed from this list.

(1) An annual validation is required for those payment applications with major upgrade or product version changes. If there are no changes to the product, Visa will require a letter signed by an Officer of the software company indicating no changes to the payment application and continued adherence to the Payment Application Best Practices. Visa will note that there were no changes to the product

Visa U.S.A List of Validated Payment Applications 2007 Visa Inc. 1

PAYMENT APPLICATION VENDOR: Princeton Payment Solutions (www.princetonpayments.com); Quest Retail (www.quest.com.au); Radiant Systems (www.radiantsystems.com)

PAYMENT APPLICATION; APPLICATION VERSION; VALIDATION DATE (1); ASSESSOR; DESCRIPTION

2.08.017 December 15, 2007 403 Labs Dial-to-IP and Serial-to-IP converter and router to facilitate the transmission of transactions from an existing terminal across the Internet PayWare NET/ERP 4.3 June 20, 2006 Quest Manager (Quest Venue Manager, Quest Enterprise Manager, Quest Hospitality Manager) Aloha Suite Middleware solutions for large merchants 1.5 Coalfire Systems POS software solution designed for large stadiums or event venues with the need of centralized POS and payment processing 6.1 August 30, 2006 5.3.15 March 24, 2005 CounterPoint 7 December 15, 2007 CounterPoint SQL 8.3.3 December 15, 2007 Exhibitor POS Suite 5.9.2 November 15, 2007 5.6 April 11, 2006 table and quick service industry Formerly Synchronics. A point-of-sale and inventory management system suitable for businesses of all sizes that need to manage, consolidate and distribute information across many locations. The application also includes features designed to meet the specific needs of wholesale distributors and mail order business movie theatre / entertainment industry Lighthouse Suite 4.6.1025 November 15, 2007 quick service restaurants QSR POS Suite 71.00011.0115 December 15, 2007 quick service restaurants RPOS PCS 6.6 July 7, 2006 petroleum and retail

Visa U.S.A. Cardholder Information Security Program (CISP) List of Compliant Service Providers As Of

The companies listed below successfully completed a CISP review based on the PCI Data Security Standard. The "VALIDATION DATE" is the date of last compliance. CISP reviews are valid for one year, with the next annual report due to Visa one year from the "VALIDATION DATE". Reports that are from 1-60 days late are noted in yellow and reports that are from 60-90 days late are noted in red. Entities with reports over 90 days past due are removed from this list. It is the member's responsibility to use compliant service providers and to follow up with service providers if there are any questions about their compliance status.

Visa U.S.A. Cardholder Information Security Program (CISP) List of Compliant Service Providers - All

SERVICE PROVIDER; VALIDATION DATE; SERVICES COVERED BY REVIEW (1); ASSESSOR

1ShoppingCart.com Internet Security Metrics 1st Americard Merchant Payment Services 3Delta Systems July 31, 2007 Merchant Payment Services Fortrex Technologies 3Pea Technologies, Inc Prepaid Card Processing A3 IT Solutions Managed Hosting Academy Collection Service Debt Collection Agency Accel Networks January 31, 2008 Wireless AccountNow July 31, 2007 Account Management Services Accretive Commerce Direct Marketing Order Fulfillment RSM McGladrey ACH Direct Merchant RSM McGladrey ACI Worldwide Merchant, Inc ACS Government and Community Solutions April 30, 2007 Jefferson Wells Acxiom ICS/BNS Core & ISC/BNS Proprietary Bankruptcy Notification Services Adeptra Fraud and Chargeback Services Adteractive, Inc. February 28, 2008 Merchant Digital Marketing Digital Resources Group (DRG) Aegis Communications K3DES Affinity Solutions Loyalty Programs

(1) CISP reviews represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Inclusion on this list indicates only that the service provider successfully completed a CISP assessment following requirements prescribed for their CISP Level, based on the report of an independent security assessor. Visa does not endorse the service providers or their business processes or practices. Visa has no duty to Members, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report.

2008 Visa U.S.A. Inc. 1 of 20

SERVICE PROVIDER; VALIDATION DATE; SERVICES COVERED BY REVIEW (1); ASSESSOR

PEMCO Coalfire PeopleSupport GCA PeopleSupport-Costa Rica PFSweb, Inc. Order Fulfillment Pipeline Data Planet eshop Information Exchange Planet Payment Multi-Currency Plug & Pay Technologies, Inc. Internet POS Portal August 31, 2007 Merchant Coalfire POST Integrations, Inc. CyberTrust Prairie Systems, Inc. Payment Gateway Preferred Health Premiere Global Services Records Management Presto ATM Processing Priority Payment Systems Merchant Process America Information Exchange Profit Margins, Inc. Direct Marketing ProfitStars April 30, 2007 Progressive Distribution Merchant Janus Associates Propco Marketing PropertyBridge Merchant PSCU Financial Services, Inc. February 28, 2008 Bill Dispute Resolution Verizon Business PSIGate Internet Payment Gateway Qgiv QS/1 Quantum Services Payment Gateway Raven Eye Quickbooks Merchant Services Merchant Radiant Systems Rainbow Rewards Rewards/Gift Card Programs RBS Lynk