tag:typepad.com,2003:weblog-1773786 2014-07-10T16:59:00-07:00 Learn the most up-to-date information on PCI DSS compliance - the latest payment processing technology, credit card security news, PCI DSS and PA DSS requirements and more. TypePad tag:typepad.com,2003:post-6a010534b0dc03970c01a511f30ab1970c 2014-07-10T16:59:00-07:00 2014-07-10T16:59:00-07:00

As you may be aware, October 2015 marks a significant date in the world of payments. In the next step to further incentivize EMV adoption in the U.S., major card brands will officially shift liability for fraudulent EMV card-present transactions to favor merchants using EMV-enabled devices. To prepare for this shift, ISVs should prepare now to ensure their applications are EMV-ready. There are various methods to incorporate EMV into software applications, some simple and some greatly complex. Traditional EMV certification is lengthy, complicated, and costly, as the software provider has to complete a direct EMV certification to each hardware manufacturers and processors they wish to support in their application. It is time consuming to certify to multiple U.S. processors and hardware manufacturers, and adding in the the EMV transaction protocol itself adds another layer of complexity for the ISV. An alternative approach is to look for a solution that removes the complexity of traditional payments integration as a whole while...

Leah tag:typepad.com,2003:post-6a010534b0dc03970c01a511f30a63970c 2014-06-16T11:56:00-07:00 2014-06-16T11:56:00-07:00

The payments industry is full of abbreviations and acronyms. Let’s take a look at the 5 most common ones we use and their definitions. PCI DSS stands for Payment Card Industry Data Security Standard – A set of security requirements for all businesses that handle payment cards, including merchants and software developers of applications that handle payment card data. P2PE is the acronym for point-to-point encryption. P2PE ensures sensitive cardholder data is protected from first card swipe or key-entry, while in transit, all the way to the payment processor. Encryption renders the credit card data so that it is unreadable and valueless should it become intercepted during the transaction life cycle. POE, known as Point-of-Entry is the initial instance when cardholder data enters the point of sale through a payment device by swiping or manually keying a payment card. CDE stands for cardholder data environment. A merchant’s CDE is made up of all of the components used to process, store,...

Leah tag:typepad.com,2003:post-6a010534b0dc03970c01a3fd4365f7970b 2014-05-08T14:52:00-07:00 2014-05-08T14:52:00-07:00

Payment card data remains one of the easiest types of data to convert to cash, and therefore the preferred choice of criminals. In fact, 74% of attacks on retail, accommodation, and food services companies target payment card information1. Fortunately, there are many payment card security technologies that are readily available to businesses of all sizes in all industries to help minimize the risk of handling cardholder data. A simple and secure technology that is easily implemented at the point-of-sale (POS) is Point-to-Point Encryption (P2PE). P2PE is the process of converting sensitive cardholder data into an unintelligible form of a specific cryptographic key. This technology is built into POS devices to securely transmit cardholder data from the device through the software application to the payment processor. The encrypted cardholder data being transmitted is NOT equivalent to the original cardholder data in any way. Even if the data were to be intercepted, it would be useless to data thieves. P2PE has many...

Leah