July 12, 2010. Posted by Michael Brooks in Card Associations, Chargebacks, Electronic Payment Processing, Industry Compliance, MOTO/ecommerce, Marketing and Sales Practices, Payment Industry, Payment Innovations & Technologies, Rates and Fees, Risk and Fraud Management, Uncategorized, data security
ABCpdf.NET is, in our opinion, the best dynamic web page-to-PDF generator out there. We’ve evaluated many different PDF generation libraries, and found ABCpdf.NET to be superior. This product shines in its simplicity to install and its ease of use. It has made our system easier to use for the end user and we couldn’t function without it. We highly recommend Websupergoo products. We encourage you to try their software – http://www.websupergoo.com/products.htm
In Part I, I discussed the importance of PCI compliance, consequences of non-compliance and the effect of account termination on a merchant. Part II will discuss the basics of PCI compliance responsibility and how merchants can avoid fines and account termination. Continue reading "PCI Compliance – Why Merchants Need To Take It Seriously – Part II"
Having a merchant account comes with responsibility. While a merchant may be concerned with revenue and how to grow its business, payment card industry (PCI) compliance should be at the top of the list as well. The main purpose of PCI compliance is data security, which applies to any party involved in processing credit card transactions. Not following the rules – or practicing risky activities – can result in card association fines and can also put a merchant account in jeopardy of being terminated – not to mention data breaches that may occur. A merchant account termination can be detrimental to any business accepting credit cards – especially if it operates purely online. Continue reading "PCI Compliance – Why Merchants Need To Take It Seriously – Part I"
The latest news about Heartland Payment Systems’ 2008 security breach revealed some alarming, yet important, issues about the reporting of breaches and responsibility of the players involved in data security.
Heartland’s 2008 data breach is supposedly the largest breach of that year, but Heartland was not the only company hit by the same hacker. According to Bob Carr, CEO of Heartland, most of the companies affected did not come forward. However, news articles are blasting Heartland for not reporting the 2008 breach earlier so customers and merchants could take action and precautions. While the Department of Justice has been successful in capturing individuals behind the recent data breaches, this should be a strong sign to any company involved with sensitive data that it should be stepping up efforts to prevent data loss.
Continue reading "Data Security: Who is Responsible?"
As a merchant, you accept Visa, MasterCard, American Express and Discover. You have learned that each card brand has its own set of data security guidelines. So, which one do you follow? Good news! The card industry has made that decision for you.
A Little History
The PCI Security Standards Council (PCI SSC) was formed in December 2004 by the major card brands (Visa, MasterCard, American Express, Discover and JCB) to educate and enhance the security standards in the credit card industry. Prior to 2004, each card company had developed its own set of data security standards programs:
Continue reading "CISP, SDP, DISC…What Security Standard Do You Follow?"
The Payment Card Industry Security Standards Council is always creating new and effective versions of PCI DSS. The most recent of such compliance standards is version 1.2 which has 12 requirements for enhancing payment account security. These requirements are designed to address a broad range of data security, from software design to policies and procedures. Version 1.2 is not intended to change the existing DSS, but only to provide added security in a time when many feel it is most needed.
There are two notable changes. One requires that off-site data storage locations be visited and validated as compliant with PCI DSS. The other imposes a sunset date on Wired Equivalent Privacy (WEP) use. For those of us who don’t speak techie, WEP is a software application intended to protect data as it travels across wireless networks. In previous posts, I have talked about WEP having to be upgraded by June 30th, 2010 to Wi-Fi Protected Access (WPA).
Here are the 12 core requirements as outlined by the card associations:
Continue reading "The Payment Card Industry Security Standard Dozen"
The Federal Trade Commission announced that “creditors” will not have to worry about fines associated with non-compliance with the Red Flag Rules until May 1st, 2009. A creditor is defined as any entity that extends, renews, or continues credit and any entity that regularly arranges for the extension, renewal, or continuation of credit. For example, mortgage brokers, utility companies and automobile dealers are classified as creditors.
This decision to extend is said to be largely due to complaints from creditors that they were unaware of the existence of the new regulation; some say they only found out after the deadline had passed. According to the official press release, this deadline only applies to organizations that are not under the jurisdiction of any regulatory agency other than the Federal Trade Commission. FACTA requires financial institutions and creditors to implement a written identity theft prevention program that should help detect identity theft, hopefully before any damage is done. If identity theft is not detected, the regulation calls for the financial institution or the creditor to reduce the risk to the consumer and the organization.
Continue reading "Red Flag Compliance Deadline Extended"
Business owners already have a lot to worry about regarding changing tax laws and employee wage laws; now they have to add Payment Card Industry Data Security Standards Compliance to the mix. PCI Compliance has evolved with each passing year. Business owners are already up against rules, restrictions, and deadlines that are added every year. Some feel that compliance is expensive or too hard to achieve, but achieving PCI Compliance does not have to be difficult.
PCI Compliance is a key element in protecting card holder data. So how can your business stay compliant without breaking the bank?
Continue reading "How Do Business Owners Keep Up With New Compliance Rules Each Year?"
Secure Electronic Transaction (SET) is an open protocol which has the potential to play a large role and dominate the market in providing secure electronic transactions. Jointly, Visa and MasterCard and vendors such as IBM have worked to create SET as an open standard for protecting the privacy, and ensuring the authenticity, of electronic transactions. SET is critical to the success of electronic commerce over the Internet; without a system for authenticating consumers and merchants, all parties involved are left vulnerable. Security measures need to come from the top down, and bring uniformity to each industry. SET may sound like a necessity, but it has not been popular in the United States.
Consumers in the United States spend billions of dollars over the internet each year, and it is reported by MasterCard that the majority of the purchases are made without using SET. Most merchants who sell over the internet are using Secure Sockets Layer (SSL) for their internet stores. Typically this would be enough, but fraud is on the rise. The economy is contributing to increased instances of internet theft and identity theft.
Continue reading "SET Technology is Back on Visa and MasterCard’s Plate"
Merchant Services Providers and merchants have been hearing about PCI Compliance for the past few years. Sometimes there is a lack of understanding about what is needed to become PCI compliant. We come across information online or by word of mouth, and it may not always be correct. Some say it’s better to be safe than sorry, so make sure to do your research.
Some online merchants think that if they select a PCI Compliant gateway and shopping cart they are automatically PCI Compliant. It is important that online merchants remember that physical location security and written policy are part of the process as well. Merchants are required to submit a SAQ (Self Assessment Questionnaire) to their acquirer once a year, but just submitting the SAQ may not be enough. It is also important that employees undergo training on security policies. Businesses must have ongoing assessment and remedies.
Merchants may think that PCI Compliance is for large businesses and may be too expensive for the average small retailer; however, fines for noncompliance are much greater. Businesses will not only face audit fees but also a loss of reputation. Even if you are a smaller business, you are still required to be PCI Compliant regardless of the volume your business does.
Continue reading "What Does PCI Really Mean to the Average Business Owner?"