“Security” Posts

How Retailers Can Reduce Risk and Ease PCI DSS Compliance

The retail industry is one of the most targeted industries for cyberattacks and data breaches. In fact, research shows that retail suffers more data breaches than the financial services, insurance and hospitality industries. Cybercriminals and hackers target retailers because they know they can easily get their hands on consumers’ personally identifiable information (PII), especially payment card data. As a result, we’ve all witnessed the headlines for large-scale data breaches at top retailers such as Target and Home Depot, which have negatively affected millions of consumers. These breaches have costly repercussions for retailers, who end up paying fines, legal fees…

What Are AVS and CVV?

When a customer visits your business and pays with a credit card, it’s fairly easy to confirm the legitimacy of the purchase. A diligent cashier could ask to see photo ID to confirm that the person in front of her is, in fact, the cardholder. The name and face should match. However, for card-not-present transactions, merchants must manually key in the credit card number. Verifying the purchaser’s identity is more difficult when you can’t verify it with an ID. Let’s face it: It would be unreasonable to jump on Skype to see each of your online…

What Is PCI DSS?

PCI DSS stands for the Payment Card Industry Data Security Standard. Any business or organization that processes, stores or transmits cardholder data is required to adhere to PCI DSS. The credit card brands (Visa, MasterCard, Discover and Amex) created these security standards to prevent fraud and instate industry-wide standards. PCI DSS is updated every year to ensure that it addresses vulnerabilities and reflects new technologies. But it can be both costly and challenging to meet PCI DSS requirements. We’ll dive into the associated costs and methods of getting PCI DSS-certified, along with tips to reduce your exposure. PCI DSS…

PCI Security: Time and Costs to Reach Compliance

In 2017, Target completed a multi-state settlement for $18.5 million stemming from a massive 2013 data breach that exposed customer credit card data (over 40 million records) and contact information (over 70 million records). Target's security was called into question, but it was actually an issue with its outside services: an HVAC supplier was noncompliant with the Payment Card Industry Data Security Standard (PCI DSS). This incident highlights the importance of PCI compliance, both internally and in association with your service providers, such as your Payment Processor. PCI compliance is becoming an even more pertinent topic of conversation in…

How to Process Credit Card Payments After Signature Rule Change

In late 2017 and early 2018, the card brands revealed a major change to their long-held signature requirements for credit card transactions. MasterCard, Discover and Amex announced they would no longer require signatures for magstripe and EMV transactions beginning in April 2018. Visa announced that signatures would still be required in the event of a chargeback dispute for magstripe transactions, but would be optional for EMV. There are a few motivations for this protocol change. The card brands want to reduce payment friction and hope that eliminating a step in the payment process will entice merchants to upgrade to EMV-ready…