Solution to Retailers PCI compliance concern

Payment Card Industry (PCI) compliance is a set of requirements set up by credit card companies for businesses to have in place for any credit card transaction. These requirements have been put in place to protect banks, businesses and individuals from credit card fraud, which has been rampant and on the rise, compromising crucial information of credit card holders.

A modern integrated retail system is an important asset for any business that wants to protect itself and its customers. An integrated retail system allows your business to make quick decisions and provides vital information that could prevent fraud from taking place. With PCI compliance, information of the credit card holder is provided, which, if used with your retail system, can confirm information presented by a customer as a way of ensuring that they are not a victim of credit card fraud. This will protect your business from a possible suit for failure to confirm the details of a fraudster trying to commit fraud.

Point of sale (POS) systems have also come a long way in making a sale transaction easier and faster for both businesses and customers. POS allows you to purchase new stock while also being able to generate a report on the sales made at any one time. Apart from this, they have established a new form of payment process that does not require physical cash. This payment method is similar to PCI, which allows customers to make purchases without having any money with them. PCI compliance plays an important part in POS interaction with customers, as payments made are quick and easy to trace at any time.

Loyalty programs can go a long way toward growing any business. More and more customers are likely to show loyalty to your business with the best systems in place. The aim of a loyalty system is to reward customers who purchase your products and services frequently, so it is a very important strategy: it allows loyal customers to be recognized and their efforts rewarded. Similarly, PCI compliance ensures that your business continues to reap the benefits of the loyalty customers show to the business. This is because they feel that their important information is secure and not prone to compromise by fraudsters. Due to this sense of security, more and more customers will opt to continue doing business with you.

Multi-channel retailing has proved over time to be a very popular model for any business wishing to go into e-commerce. It revolves around the need to keep track of customers, inventory, products and many other areas of the business. PCI compliance is also aimed at making the multi-channel approach easier for businesses. Multi-channel retailing is a form of business management that allows business leaders to be informed on the progress of their businesses continuously and on a daily basis. This is similar to PCI compliance, which helps business owners account for the sales made on any one day. It is therefore vital to your business. Failure to comply with PCI requirements can leave you unaware of developing problems facing your business and keep it from growing as you intend.

Finally, PCI compliance is important as it not only prevents your business from facing major fines and penalties, but also allows your business to benefit in numerous ways in ensuring efficiency and that service delivery is your main agenda.

 

What PCI rules mean for retailers and how to comply

Every business and organization that doesn’t still keep its money in a coffee can is finding that its banks and credit card companies are getting serious about safeguarding credit card information.

The focus in the industry over the last five years has been on larger companies, but now even the smallest are being brought into compliance with these standards. It will safeguard customers, but at a cost and with increased financial liability to business owners.

It’s the Payment Card Industry Data Security Standard (PCI DSS, or just PCI), rules for safeguarding credit card information that apply to all organizations handling debit, credit, and pre-paid cards for American Express, Discover, Japan Credit Bureau (JCB), MasterCard, and Visa International.

The standards are written and administered by the Payment Card Industry Security Standards Council.

If PCI doesn’t work, federal law may step in. This was already threatened at a Congressional hearing on retail credit card security. State legislatures are also getting into the act, with 38 states having laws requiring notification of affected parties in case of credit card information security breaches.

The initial focus on PCI compliance, after it went into effect in 2006, was on larger retailers, and moved to smaller businesses over the past few years. Technically, all merchants have been required by the credit card industry to be PCI compliant since at least Jan. 1, 2008.

There is the oft-quoted statistic from Visa that, “More than 80 percent of compromises identified since 2005 are Level 4 merchants.”  A Level 4 merchant is one with fewer than one million Visa transactions, or one with fewer than 20,000 electronic commerce transactions, a year. Visa also notes that the Level 4 merchants’ 80 percent rate of all compromises involves only five percent of Visa’s potentially exposed accounts.

And even if PCI is not a law, you may wish it was. When PCI violations come to the attention of your card companies, they can levy fines from $5,000 to $100,000 a month.

The penalties for violating the PCI standards go through your bank, which means violations cause you problems with the bank as well as the credit card company. The fine for violation goes to the bank, which will pass it on to you, and the bank may take other actions against you as well.

You get PCI certification by filling out a questionnaire from your bank. Depending on the cards you have and certain aspects of your business, you may need to have your system tested with a scan. These scans might be required every 90 days to maintain certification.

The PCI standards protect cardholders in two broad ways.

  1. They prohibit a business from keeping certain card information on its customers. You can keep cardholders’ names and card numbers only if they are encrypted, and you can’t keep things like the validation value or the three- and four-digit codes, PINs or the full magnetic stripe data.
  2. They require retailers to have secure data processing and storage systems with adequate firewalls and wireless access protection. In some cases data can only be stored on computers not connected to the Internet.

The PCI standards also require retailers to have security systems that detect intrusions into their systems and take immediate action against them. A further safeguard is the requirement that the system be tested and validated periodically.

A simple way to handle this is to get your organization a comprehensive business software suite that manages all your data and is PCI compliant, but remember that you are still responsible yourself for the PCI compliance and for any problems that occur.