“Security” Posts

What Is PCI DSS?

PCI DSS stands for the Payment Card Industry Data Security Standard. Any business or organization that processes, stores or transmits cardholder data is required to adhere to PCI DSS. The credit card brands (Visa, MasterCard, Discover and Amex) created these security standards to prevent fraud and instate industry-wide standards. PCI DSS is updated every year to ensure that it addresses vulnerabilities and reflects new technologies. But it can be both costly and challenging to meet PCI DSS requirements. We’ll dive into the associated costs and methods of getting PCI DSS-certified, along with tips to reduce your exposure. PCI DSS…

PCI Security: Time and Costs to Reach Compliance

In 2017, Target completed a multi-state settlement for $18.5 million stemming from a massive 2013 data breach that exposed customer credit card data (over 40 million records) and contact information (over 70 million records). Target's security was called into question, but it was actually an issue with its outside services: an HVAC supplier was noncompliant with the Payment Card Industry Data Security Standard (PCI DSS). This incident highlights the importance of PCI compliance, both internally and in association with your service providers, such as your payment processor. PCI compliance is becoming an even more pertinent topic of conversation in…

How to Process Credit Card Payments After Signature Rule Change

In late 2017 and early 2018, the card brands revealed a major change to their long-held signature requirements for credit card transactions. MasterCard, Discover and Amex announced they would no longer require signatures for magstripe and EMV transactions beginning in April 2018. Visa announced that signatures would still be required in the event of a chargeback dispute for magstripe transactions, but would be optional for EMV. There are a few motivations for this protocol change. The card brands want to reduce payment friction and hope that eliminating a step in the payment process will entice merchants to upgrade to EMV-ready…

Experiencing TLS Issues? Here's Why

Right now, if you’re using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) 1.0 protocols, you’re at risk for a data breach. A number of vulnerabilities have been found in these early encryption protocols, causing the card brands to require a security upgrade in order for businesses to meet the Payment Card Industry Data Security Standard (PCI DSS) moving forward. But first, what exactly is TLS? It’s a cryptographic protocol that helps establish secure communication between two systems. It authenticates the systems and protects the confidentiality of the information passing between them. This update…

How the Way We Take Credit Card Payments Will Change

We’re all familiar with paper receipts. They’re so ubiquitous that you likely have one in your pocket or in your purse as you read this. For customers, they constitute a proof of purchase in case they want a refund or wish to verify the transaction amount against their credit card statements. For businesses, they provide the only evidence that a credit card payment was authorized, which is why businesses are weighed down by paper receipt copies — sometimes up to seven years’ worth — that are filed, boxed and stored. Signatures have historically been important to how we take credit…