Security, NCR Secure Pay and EMV Chips

PCI-DSS Compliance. This is a topic that seems to be in the news everywhere these days. Whether it is a story about a merchant getting breached by criminals and losing their business or the multiple letters you're receiving from your processor, service providers, or other vendors trying to sell you something, you can't get away from it. But what does it mean to you?
The Payment Card Industry Data Security Standard, commonly known as the PCI DSS, was created with the sole purpose of securing and protecting cardholder data. Card brands have mandated that acquiring banks are responsible for ensuring that all of their merchants that store, process or transmit payment cardholder data comply with the PCI-DSS requirements. Demonstrating PCI compliance goes well beyond simply having a PA-DSS validated payment processing application. Retail merchants are directly responsible for ensuring that they meet ALL requirements of the PCI DSS standard and reporting their compliance status.
Radiant/NCR and RBMS are committing significant resources and efforts to helping our customers secure consumer data. We want to help you understand your responsibility related to data security and your liability per the PCI-DSS and card brand mandates. We will be helping to promote your awareness of data security by providing ongoing communication in the following areas on which you can focus to enhance the security of your business. The following is a brief "Best Practices" guideline for your review.

  1. Implementing secure remote access practices
  2. Implementing adequate password controls
  3. Implementing only PCI/DSS compliant Hardware
  4. Installing an approved commercial-grade hardware firewall
  5. Installing anti-malware programs
  6. Ensuring you are using a compliant version of CounterPoint and it is configured securely per implementation guide
  7. Ensuring your operating system is up to date with security patches
  8. Proving compliance at specific points in time (SAQ/network scans)
  9. Implementing operational security processes
  10. Consistently monitoring your security infrastructure and procedures

It is ultimately your responsibility to ensure that your site is PCI-DSS compliant. The above guidelines can help secure your business today. Please note, however, that there are more requirements than outlined here to be PCI compliant. More information about PCI requirements may be found at www.pcisecuritystandards.org.

PCI-DSS Compliance and EMV are topics that seem to be in the news everywhere these days. Whether it is a story about a merchant getting breached by criminals and losing their business or the multiple letters you're receiving from your processor, service providers, or other vendors trying to sell you something, you can't get away from it. But what does it mean to you?




EMV -- which stands for Europay, MasterCard and Visa -- is a global standard for cards equipped with computer chips and the technology used to authenticate chip-card transactions. In the wake of numerous large-scale data breaches and increasing rates of counterfeit card fraud, U.S. card issuers are migrating to this new technology to protect consumers and reduce the costs of fraud.

These new and improved cards are being deployed to improve payment security, making it more difficult for fraudsters to successfully counterfeit cards. For merchants and financial institutions, the switch to EMV means adding new in-store technology and internal processing systems, and complying with new liability rules. Most of all, it means greater protection against counterfeit fraud.

NCR and RBMS are committing significant resources and efforts to helping our customers secure consumer data. Therefore, in addition to CounterPoint being certified “PCI Compliant”, processing integrated credit cards via CounterPoint requires the use of a secure, PCI-compliant payment gateway. Currently there are 2 payment gateways certified for use with NCR CounterPoint: CPGateway and SecurePay. For more detailed information, frequently asked questions and pricing information regarding these payment gateways, please refer to the fact sheets available from the links below:

• NCR SecurePay

• NCR CPGateway

In addition to security included in and provided by NCR, there are also other key points for merchants to consider in maintaining a secure PCI environment. We also want to help you understand your responsibility related to data security and your liability per the PCI-DSS and card brand mandates. The following is a brief "Best Practices" guideline for your review.

  1. Implementing secure remote access practices
  2. Implementing adequate password controls
  3. Implementing only PCI/DSS compliant Hardware
  4. Installing an approved commercial-grade hardware firewall
  5. Installing anti-malware programs
  6. Ensuring you are using a compliant version of CounterPoint and it is configured securely per implementation guide
  7. Ensuring your operating system is up to date with security patches
  8. Proving compliance at specific points in time (SAQ/network scans)
  9. Implementing operational security processes
  10. Consistently monitoring your security infrastructure and procedures

It is ultimately your responsibility to ensure that your site is PCI-DSS compliant. The above guidelines can help secure your business today. Please note, however, that there are more requirements than outlined here to be PCI compliant. More information about PCI requirements may be found at www.pcisecuritystandards.org.

 
