PCI for Dummies

A SIMPLE EXPLANATION OF A COMPLEX SOLUTION

Whether you are a retailer, ecommerce player or any other type of merchant, you are most likely accepting credit and debit cards as a means of payment. PCI DSS (Payment Card Industry Data Security Standard) was created by the PCI Security Standards Council, which represents MasterCard, Visa, JCB International, American Express and Discover. PCI applies to all merchants and is intended to ensure the security of stored and processed card data within all environments.

Card data can be like cash: if you can get your hands on it, you can spend it. PCI DSS helps to protect this data, thus reducing risk exposure and access to card data. Being PCI compliant does not guarantee data security or absolute prevention of hackers gaining access to this data; rather, it is an approach built around a merchant's business model and requirements that helps to protect the cardholder / consumer.

Another common misconception is the belief that a merchant is PCI compliant simply through their own best-practice methods and database encryption. Non-compliance with PCI can have large financial implications for merchants, with fines ranging from US$5000 to US$500,000 based on the level of non-compliance. The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. (https://www.pcisecuritystandards.org)

Outside of the PCI checklist, the card associations have established Qualified Security Assessors (QSA) to aid in the assessment of merchants. In addition, Approved Scanning Vendors (ASV) have been established to identify vulnerabilities and misconfigurations within the merchant's payment process.

What is it going to cost me?

Along with rules come regulations, and with regulations comes adherence to an extensive range of audits, procedures and costs that merchants don't want to hear about.

It is estimated that two billion dollars have been spent to date on PCI compliance. Stop. Take a breath. There is good news coming. Most of the PCI costs incurred result from Level 1 through Level 3 requirements, which do not necessarily apply to all merchants. In fact, most merchants will fall into the Level 4 category, which only requires them to complete an annual PCI Self-Assessment. Merchants in the Level 4 category can avoid quarterly network scans if they have chosen a 3rd party payment processor to process and store card details, which excludes them from the most onerous part of the compliance process. Think about it: why manage the PCI process, incur the cost and create the exposure in an area of your business that is not required and does not lie within your key competencies?

3rd party payment processors can process and store card transactions for online payments, recurring billing, Mail Order / Telephone Order payments, EFT-integrated Point of Sale and stand-alone devices without taking away core functionality from the merchant. In all of these payment methods, card details can be replaced on the merchant system with unique reference numbers (tokens), allowing merchants to retain control over transaction management without storing any card details.
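The following is an added illustration of the tokenization idea described above; it is example code written for this page, not MyGate's platform or API. It assumes a hypothetical processor-side vault that holds the real card number and hands the merchant back an opaque reference, while the merchant keeps only that reference plus a masked PAN. The sample card number is a constructed test value that passes the Luhn check, not real card data.

```python
import re
import secrets

# Constructed sample PAN (a standard test number, not a real card).
SAMPLE_PAN = "4111111111111111"

# Any 13-19 digit run on the merchant side is treated as a possible PAN leak.
PAN_PATTERN = re.compile(r"\d{13,19}")


def luhn_valid(pan: str) -> bool:
    """Return True if the PAN has a plausible length and a valid Luhn check digit."""
    digits = [int(ch) for ch in pan if ch.isdigit()]
    if not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep only the last four digits, which is all the merchant needs for receipts."""
    return "*" * (len(pan) - 4) + pan[-4:]


class ProcessorVault:
    """Hypothetical 3rd-party vault: the only place the full card number lives."""

    def __init__(self) -> None:
        self._store: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        if not luhn_valid(pan):
            raise ValueError("PAN failed basic validation")
        # URL-safe random token: opaque, unguessable, and not derived from the PAN.
        token = "tok_" + secrets.token_urlsafe(24)
        self._store[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        """Processor-only operation used for settlement, refunds and reversals."""
        return self._store[token]


def create_merchant_record(vault: ProcessorVault, pan: str, amount: float) -> dict:
    """What the merchant system keeps: token, masked PAN and amount, never the PAN."""
    token = vault.tokenize(pan)
    return {"token": token, "masked_pan": mask_pan(pan), "amount": amount}


def merchant_record_is_clean(record: dict) -> bool:
    """Scope check: no PAN-shaped digit run anywhere in the stored record."""
    return not any(PAN_PATTERN.search(str(v)) for v in record.values())


if __name__ == "__main__":
    vault = ProcessorVault()
    rec = create_merchant_record(vault, SAMPLE_PAN, 250.00)
    print(rec)
    print("merchant record free of card data:", merchant_record_is_clean(rec))
```

The merchant can still drive refunds, reversals and chargeback queries by quoting the token, while the processor is the only party that can turn it back into a card number; a scan of the merchant's database with the same digit-run pattern is a cheap way to confirm that card data has actually left the merchant environment.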

MyGate's payment platform enables merchants to easily integrate a payment solution that can be built around their specific requirements without the merchant ever handling card details. It is crucial for merchants to retain real-time access to all components of the transaction process, including authorization, settlement, reverse authorization, manual authorization codes, refunds and chargeback management.

Contact MyGate on 021 555 3260 if you are unsure whether your merchant solution is compliant.