Coping with compliance: a retailer’s guide to PCI

By Patrick Juan, Director, Solutions Consultants, Ingenico Enterprise Retail

Every day retailers are faced with new regulations – and acronyms – to get their heads round. As tricky as these seem at first, they’re crucial to creating a safe and seamless business environment for merchants and consumers alike. As such, it’s important to get a better understanding of exactly what they entail. One industry body sets the standards for the payments industry: the Payment Card Industry Security Standards Council (PCI SSC). However, it can be somewhat of a minefield for retailers, so let’s take a look at exactly what PCI is, and other FAQs on the topic.

What is PCI?

In a nutshell, PCI defines a compliance framework for security that merchants must comply with, in order to be allowed to take card payments in their physical and digital stores. Without this compliance, retailers may struggle to find an acquirer to partner with, and may also be fined by card schemes indirectly through the acquirers. The total value of card transactions they process determines the level of compliance needed.

As with most regulations when it comes to non-compliance, there can be hefty monetary implications, both in the form of fines and extra costs when processing card payments. In fact, if a retailer suffers a data breach and they’re not PCI compliant, they may be liable to especially large fines – we have seen some of the UK’s biggest retailers be slapped with fines reaching the £10 million mark and above.

What are the main PCI need-to-knows for merchants?

Merchants should be aware that there are two primary standards of PCI – PCI PIN Transaction Security (PCI PTS) for payment terminals, and PCI Data Security Standard (PCI DSS) for payment gateways in-store and online. This distinction is important to understand as the PCI compliance you need will depend on your retail system.

Additionally, merchants will need to think about how they manage their payments assets. For example, it’s important not to manage sensitive data such as the card number or CV2 numbers. In order to do this, they should think about employing a PCI Point to Point Encryption (P2PE) solution. P2PE means that the card data is encrypted at source on the PIN pad and stays encrypted until it reaches a PCI DSS environment, usually a PCI DSS compliant gateway. By using a compliant PCI P2PE solution, the merchant PCI compliance burden is significantly reduced.

It may sound complicated but there’s no need to panic – there are experts available to help businesses through the process and answer any queries they may have.

How can retailers ensure compliance?

The PCI standards update every three years, and compliance must be kept in check and reported on every year. Large businesses will need to work alongside specialist consultants called Qualified Security Assessors (QSAs) who ensure that merchants uphold the 290 requirements defined by the PCI Council. To uphold the requirements, retailers can put certain measures in place, such as network scans, penetration tests and staff training, while ensuring their payment devices are also managed properly.

How can Ingenico Enterprise Retail help?

Ingenico Enterprise Retail payment gateways, both in-store and online, have upheld the highest level of PCI DSS for many years. Our in-store payment gateway was one of the first to be fully PCI P2PE compliant. So, when a retailer uses an Ingenico P2PE solution, the burden reduces from meeting over 290 requirements to filling in a short self-assessment questionnaire under the direction of a QSA.

Retailers can also benefit from Ingenico CRM tokens, which protect consumers’ sensitive details while still allowing the business access to other important data. This enables merchants to track and understand their customers’ behaviours, both online and in-store, without handling any sensitive data.

To learn more about PCI or to find out how your company can benefit from the same assurances, visit www.ingenico.com/omnichannel.



from A1 Retail Magazine https://ift.tt/2w35KDk
via IFTTT
