Security, NCR Secure Pay and EMV Chips
The Payment Card Industry Data Security Standard, commonly known as the PCI DSS, was created with the sole purpose of securing and protecting cardholder data. Card brands have mandated that acquiring banks are responsible for ensuring that all of their merchants that store, process or transmit payment cardholder data comply with the PCI-DSS requirements. Demonstrating PCI compliance goes well beyond simply having a PA-DSS validated payment processing application. Retail merchants are directly responsible for ensuring that they meet ALL requirements of the PCI DSS standard and reporting their compliance status.
Radiant/NCR and RBMS are committing significant resources and efforts to helping our customers secure consumer data. We want to help you understand your responsibility related to data security and your liability per the PCI-DSS and card brand mandates. We will be helping to promote your awareness of data security by providing ongoing communication in the following areas on which you can focus to enhance the security of your business. The following is a brief "Best Practices" guideline for your review.Implementing secure remote access practicesImplementing adequate password controlsImplementing only PCI/DSS compliant Hardware Installing an approved commercial-grade hardware firewallInstalling anti-malware programsEnsuring you are using a compliant version of CounterPoint and it is configured securely per implementation guideEnsuring your operating system is up to date with security patchesProving compliance at specific points in time (SAQ/network scans)Implementing operational security processes Consistently monitoring your security infrastructure and proceduresIt is ultimately your responsibility to ensure that your site is PCI-DSS compliant. The above guidelines can help secure your business today. Please note, however, that there are more requirements than outlined here to be PCI compliant. More information about PCI requirements may be found at www.pcisecuritystandards.org.