Visa Puts Credit Security on You
New credit card security standards focus on what happens to the data after consumers
pay with plastic. Are you compliant?
By Barney Wolf

Credit card giant Visa is requiring restaurants and other merchants in the U.S. to meet stronger
security standards for the payment software they use.
    The mandate that went into effect July 1 is the last in a series of rules that Visa put into place in
an effort to secure sensitive information after a credit or debit card transaction is authorized.
    Merchants could be subject to fines if they don’t abide by the new rule, which requires
third-party payment-application software to prohibit the storage of magnetic-stripe, personal
identification number (PIN), or other authentication data.
    The mandate doesn’t pertain to merchants using in-house-developed payment applications,
stand-alone hardware terminals, or PIN-entry devices.
    The cost of meeting the requirement depends on the software a restaurant uses, says Wenlock
Free, vice president of business development for SecurityMetrics Inc., a Utah-based firm that helps
businesses comply with data-security standards.
    “It may be just an inexpensive change, especially if the software is relatively recent,” he says,
noting much of the newer software already meets standards. “But if the restaurant has been driving a
Model T in terms of software, there may be a lot of upgrades that are required.”
    Banks, point-of-sale (POS) systems, and data processors also must comply with the Payment
Application Data Security Standard (PA-DSS).
Data theft is a major financial problem worldwide. According to research by Verizon
Communications Inc., 285 million records were compromised in 2008.
    Another study, the 2010 Global Security Report prepared for data-security company Trustwave,
found that third-party vendors or their software were responsible for more than 81 percent of
investigations of a security incident or compromise last year.
    Payment-application software typically stores, processes, or transmits cardholder data as part of
the authorization or settlement of a card transaction. The applications are traditionally used for POS
systems and usually designed for PC-based architecture.
    Restaurants’ payment applications, however, are often integrated with other computer solutions for
everything from menu updates to purchasing and back-office functions. According to Visa, these
integrated systems are the most common targets under attack by criminals.
    As a result, “the goal is to make sure all these payment applications are secure,” says Jennifer
Fischer, senior business leader for U.S. payment system risk at Visa, which has more than 5 million
American merchant locations and was the first to establish mandates.
    “We want to be certain that merchants are using applications that comply with industry
standards and not using applications that may introduce vulnerabilities” to both the individual
business and card-payment systems, she says.
    The standards were developed by the Payment Card Industry Security Standards Council, an
organization founded in 2006 by Visa, American Express, Discover, JCB, and MasterCard to create
consistent security guidelines for credit and debit cards.
    “Our one focus is to protect card data, how it’s stored, processed, and transmitted,” says Robert
Russo, the council’s general manager. “We just set the standards.” The card companies determine
mandates and deadlines.
    Lists of hundreds of validated payment applications are available from the council online or at
Visa’s website.
    If a merchant has payment-application software that is not on the approved list, the business
should call the third-party vendor and find out why, Russo says.
    The National Restaurant Association (NRA) released a statement from David Gilbert, chief
operating officer, saying that the organization is following the rule changes closely.
    The association “has been extremely active in pushing the education of both members and the
industry, including education sessions last month at the NRA Show in Chicago,” Gilbert says. “The
change will be difficult for all restaurants.”
    The statement blamed the credit card industry for being “slow and ineffective in addressing the
data risk, and they are pushing responsibility, liability at every opportunity to merchants.”
    But most experts say it is in a restaurant’s best interest to have secure payment applications, with
or without mandates. After all, a business that suffers a security breach may be fined, but it could
face an even more serious, longer-lasting problem: the loss of customer confidence and damage to
the merchant’s reputation.
