iCharge version 10.5.7 released

About iCharge

iCharge is a credit card application that integrates SAP Business One with payment gateways globally. iCharge processes credit card information between the sales transaction in SAP Business One and the payment processor service that obtains the authorization information needed to approve the transaction. For all sales transactions generated in SAP Business One, iCharge authorizes and settles payments in real time and integrates them back into SAP Business One.

Release Description

This document outlines the enhancements and issues fixed in iCharge version 10.5.7.

iCharge 10.5.7 is only supported on:

  • SAP Business One 8.82
  • SAP Business One 8.81, PL03 and above
  • SAP Business One 8.8
  • Microsoft SQL Server 2005
  • Microsoft SQL Server 2008

iCharge – 10.5.7

Enhancements

  • Unlinked Refunds: With this release, unlinked refunds are allowed. Users can create independent A/R Credit Notes and perform refunds using Banking → Incoming Payments.
  • CVV No.: With this release, the CVV number field has been made available for all the payment gateways. The entered CVV number can be transmitted to the payment gateway for credit card authorization. However, iCharge never stores the CVV number in the database.
  • Direct Sale: With this release, a partially settled card can automatically be used to settle the unsettled partial document amount through direct sale.

For more details on iCharge, contact us or write to us at [email protected]

What PCI rules mean for retailers and how to comply

Every business and organization that doesn’t still keep its money in a coffee can is finding that their banks and credit card companies are getting serious about safeguarding credit card information.

The focus in the industry over the last five years has been on larger companies, but now even the smallest are being brought into compliance with these standards. It will safeguard customers, but at a cost and with increased financial liability for business owners.

It’s the Payment Card Industry Data Security Standard (PCI DSS, or just PCI), rules for safeguarding credit card information that apply to all organizations handling debit, credit, and pre-paid cards for American Express, Discover, Japan Credit Bureau (JCB), MasterCard, and Visa International.

The standards are written and administered by the Payment Card Industry Security Standards Council.

If PCI doesn’t work, federal law may step in. This was already threatened at a Congressional hearing on retail credit card security. State legislatures are also getting into the act, with 38 states having laws requiring notification of affected parties in case of credit card information security breaches.

The initial focus on PCI compliance, after it went into effect in 2006, was on larger retailers, and it moved to smaller businesses over the past few years. Technically, all merchants have been required by the credit card industry to be PCI compliant since at least Jan. 1, 2008.

There is the oft-quoted statistic from Visa that, “More than 80 percent of compromises identified since 2005 are Level 4 merchants.” A Level 4 merchant is one with fewer than one million Visa transactions, or one with fewer than 20,000 electronic commerce transactions, a year. Visa also notes that the Level 4 merchants’ 80 percent rate of all compromises involves only five percent of Visa’s potentially exposed accounts.

And even if PCI is not a law, you may wish it was. When PCI violations come to the attention of your card companies, they can levy fines from $5,000 to $100,000 a month.

The penalties for violating the PCI standards go through your bank, which means violations cause you problems with the bank as well as the credit card company. The fine for violation goes to the bank, which will pass it on to you, and the bank may take other actions against you as well.

You get PCI certification by filling out a questionnaire from your bank. Depending on the cards you have and certain aspects of your business, you may need to have your system tested with a scan. These scans might be required every 90 days to maintain certification.

The PCI rules protect cardholders in two broad ways.

  1. They prohibit a business from keeping certain card information on its customers. You can keep cardholders’ names and card numbers only if they are encrypted, and you can’t keep things like the validation value or the three- and four-digit codes, PINs or the full magnetic stripe data.
  2. Retailers must have secure data processing and storage systems with adequate firewalls and wireless access protection. In some cases data can only be stored on computers not connected to the Internet.

The PCI requirements also require retailers to have security systems that detect intrusions into their systems and take immediate action against them. A further safeguard is the requirement that the system be tested and validated periodically.

A simple way to handle this is to get your organization a comprehensive business software suite that manages all your data and is PCI compliant, but remember that you are still responsible yourself for the PCI compliance and for any problems that occur.

The skinny on PCI Compliance

Here is what you need to know about the new PCI compliance standard when choosing a solution partner.

First, some definitions so we know what we’re talking about (like we need more acronyms in this business, right?):

  • PCI = Payment Card Industry
  • PA = Payment Application
  • DSS = Data Security Standard

These standards were actually created by the various payment card providers like Visa, MasterCard and American Express. PCI casts a very broad net; it includes the card providers, gateways, merchants, banks and applications. PA is any software or hardware solution that passes or reads/stores sensitive data. DSS is the standard that hardware and software solution providers must write their code and encryption levels to.

For those of us selling and purchasing solutions that store or transmit sensitive data, when a customer asks whether your solution has PCI compliance, they mean: is your solution PA-DSS certified? Only a Payment Application (PA) that is Data Security Standard (DSS) certified can be compliant. This certification can only be earned after engaging a qualified firm and passing a stringent audit process. Many end users are not even considering a solution that is not certified.

The reason is that, for a business to be PCI compliant, using PA-DSS certified solutions is only a piece of the compliance pie, but a very necessary piece. Network firewalls, database encryption, updated antivirus software and passing security scans (for eCommerce) are some of the other qualifications.

The CitiXsys solutions iCharge and iVend are PA-DSS certified and become a valuable part of the PCI compliant path for end users. So next time a customer asks if your solution is PCI compliant, you can confidently say “yes, we are a certified application”.
Happy Selling-