Coping with compliance: a retailer’s guide to PCI

By Patrick Juan, Director, Solutions Consultants, Ingenico Enterprise Retail

Every day retailers are faced with new regulations – and acronyms – to get their heads round. As tricky as these seem at first, they’re crucial to creating a safe and seamless business environment for merchants and consumers alike. As such, it’s important to get a better understanding of exactly what they entail. One industry body sets the standard for regulations for the payments industry: the Payment Card Industry Security Standards Council (PCI SSC). However, it can be somewhat of a minefield for retailers, so let’s take a look at exactly what PCI is, and other FAQs on the topic.

What is PCI?

In a nutshell, PCI defines a compliance framework for security that merchants must comply with, in order to be allowed to take card payments in their physical and digital stores. Without this compliance, retailers may struggle to find an acquirer to partner with, and may also be fined by card schemes indirectly through the acquirers. The total value of card transactions they process determines the level of compliance needed.

As with most regulations when it comes to non-compliance, there can be hefty monetary implications, both in the form of fines and extra costs when processing card payments. In fact, if a retailer suffers a data breach and they’re not PCI compliant, they may be liable to especially large fines – we have seen some of the UK’s biggest retailers be slapped with fines reaching the £10 million mark and above.

What are the main PCI need-to-knows for merchants?

Merchants should be aware that there are two primary standards of PCI – PCI PIN Transaction Security (PCI PTS) for payment terminals, and PCI Data Security Standard (PCI DSS) for payment gateways in-store and online. This distinction is important to understand as the PCI compliance you need will depend on your retail system.

Additionally, merchants will need to think about how they manage their payments assets. For example, it’s important not to manage sensitive data such as the card number or CV2 numbers. In order to do this, they should think about employing a PCI Point to Point Encryption (P2PE) solution. P2PE means that the card data is encrypted at source on the PIN pad and stays encrypted until it reaches a PCI DSS environment, usually a PCI DSS compliant gateway. By using a compliant PCI P2PE solution, the merchant PCI compliance burden is significantly reduced.

It may sound complicated but there’s no need to panic – there are experts available to help businesses through the process and answer any queries they may have.

How can retailers ensure compliance?

The PCI standards update every three years, and compliance must be kept in check and reported on every year. Large businesses will need to work alongside specialist consultants called Qualified Security Assessors (QSAs) who ensure that merchants uphold the 290 requirements defined by the PCI Council. To uphold the requirements, retailers can put certain measures in place, such as network scans, penetration tests and staff training, while ensuring their payment devices are also managed properly.

How can Ingenico Enterprise Retail help?

Ingenico Enterprise Retail payment gateways, both in-store and online, have upheld the highest level of PCI DSS for many years. Our in-store payment gateway was one of the first to be fully PCI P2PE compliant. So, when a retailer uses an Ingenico P2PE solution, the burden reduces from meeting over 290 requirements to filling in a short self-assessment questionnaire under the direction of a QSA.

Retailers can also benefit from Ingenico CRM tokens, which protect consumers’ sensitive details while still allowing the business access to other important data. This enables merchants to track and understand their customers’ behaviours, both online and in-store, without handling any sensitive data.

To learn more about PCI or to find out how your company can benefit from the same assurances, visit www.ingenico.com/omnichannel.



from A1 Retail Magazine https://ift.tt/2w35KDk