Tech Forum 2013: PCI Compliance
What is it?
• A set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.
• Essentially any merchant that has a Merchant ID (MID).
What isn’t it?
• PCI is not, in itself, a law. The standard was created by the major card brands.
• Merchants that do not comply with PCI DSS may be subject to fines, card replacement costs, forensic audits, brand damage etc., should a breach event occur.
Basic Facts
• Launched on September 7, 2006
• Focus on improving payment account security throughout the transaction process
• Administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands
Coverage
• In-scope cards include any debit, credit, and pre-paid cards branded with one of the five card association/brand logos that participate in the PCI SSC: American Express, Discover, JCB, MasterCard, and Visa International
Why do it – the positive
• Your systems are secure
• Customers can trust you with their sensitive payment card information
• Improves your reputation with acquirers and payment brands
• Helps prevent security breaches and theft of payment card data
• Compromised data negatively affects consumers, merchants, and financial institutions
Why do it – avoid the negative
• One incident can severely damage your reputation
• Possible negative consequences also include:
  • Lawsuits
  • Insurance claims
  • Cancelled accounts
  • Payment card issuer fines
  • Government fines
What are the penalties for noncompliance?
• Acquiring banks are fined and typically pass the fines on
• Transaction fees may increase
• Bank relationship could be terminated
• Check your merchant agreement
The Banks
• Most banks advertise a policy
• Information should be available online
• Talk to your account manager
• The Reserve Bank:
  • Any merchant that is not PCI DSS compliant can potentially be prevented from processing card payments
What the banks say - Westpac
• Being compliant with the PCI DSS forms part of your merchant agreement
• Westpac will review your transaction count annually and should we require you to validate compliance as a Level 1, 2 or 3 merchant we will advise you accordingly.
• At all times, the Westpac PCI DSS Levels will take precedence over MasterCard and Visa levels for our merchants.
ANZ
• As a merchant, it is vital to protect your customers as well as your business against misuse of credit & debit account information.
• It is essential that you do not store prohibited cardholder data such as magnetic stripe data (track data) and Customer Verification Value (CVV) after a transaction is completed.
thankQ Processing
• To store Credit Card details or not?
• Options for storing them outside of your business:
  • Macquarie
  • SecurePay
• Remember the paperwork
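The ANZ rule above (no magnetic-stripe track data or CVV retained once the transaction is completed) and the thankQ question of whether to hold card details at all both come down to two checks a merchant's system can enforce in code. The following Python is an added example, not from the presentation or from any of the banks or vendors it names: `post_transaction_record` builds the only record that is kept after authorisation, dropping CVV and track data and replacing the PAN with a `vault_reference` assumed to come from an external storage provider of the Macquarie/SecurePay kind; `find_prohibited_data` walks any stored record or log fragment and reports populated CVV/track fields or strings in the track 1/track 2 layouts. The field names, the `Authorisation` shape and all sample values are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Any, Optional

# Patterns for the two magnetic-stripe track layouts (ISO/IEC 7813 style):
#   Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary data>?
#   Track 2: ;<PAN>=<YYMM><service code><discretionary data>?
TRACK1_RE = re.compile(r"%B\d{12,19}\^[^^?]{2,26}\^\d{7}[^?]*\?")
TRACK2_RE = re.compile(r";\d{12,19}=\d{7}[^?]*\?")

# Field names (assumed) that must never hold a value after the transaction completes
PROHIBITED_KEYS = {"cvv", "cvv2", "cvc", "cid", "track1", "track2",
                   "track_data", "pin", "pin_block"}


@dataclass
class Authorisation:
    """What the terminal/gateway hands over at authorisation time (constructed shape)."""
    merchant_id: str
    amount_cents: int
    pan: str
    expiry: str                  # YYMM
    cvv: Optional[str] = None
    track2: Optional[str] = None


def post_transaction_record(auth: Authorisation, vault_reference: str) -> dict:
    """Build the record that may be kept once the transaction is completed.

    CVV and track data are dropped entirely. The PAN is not stored either:
    `vault_reference` (hypothetical, returned by an external card-storage
    provider) replaces it, and only the last four digits are kept for
    customer-facing reconciliation.
    """
    digits = re.sub(r"\D", "", auth.pan)
    return {
        "merchant_id": auth.merchant_id,
        "amount_cents": auth.amount_cents,
        "card_reference": vault_reference,
        "pan_last4": digits[-4:],
        "expiry": auth.expiry,
    }


def find_prohibited_data(obj: Any, path: str = "") -> list:
    """Walk a stored record (nested dicts, lists, strings) and list every place
    where prohibited data survived: a populated prohibited field, or a string
    that carries track 1 / track 2 data (e.g. a raw terminal log line)."""
    findings = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            child = f"{path}.{key}" if path else str(key)
            if str(key).lower() in PROHIBITED_KEYS and value not in (None, ""):
                findings.append(f"{child}: prohibited field populated")
            findings.extend(find_prohibited_data(value, child))
    elif isinstance(obj, (list, tuple)):
        for i, item in enumerate(obj):
            findings.extend(find_prohibited_data(item, f"{path}[{i}]"))
    elif isinstance(obj, str):
        if TRACK1_RE.search(obj):
            findings.append(f"{path}: track 1 data present")
        if TRACK2_RE.search(obj):
            findings.append(f"{path}: track 2 data present")
    return findings


# Constructed sample values (a well-known test PAN, fabricated track 2 string)
SAMPLE_AUTH = Authorisation(
    merchant_id="MID-000001",
    amount_cents=4250,
    pan="4111 1111 1111 1111",
    expiry="2512",
    cvv="123",
    track2=";4111111111111111=25121011234567890?",
)

# Constructed record from a legacy system that kept everything it received
LEGACY_RECORD = {
    "merchant_id": "MID-000001",
    "amount_cents": 4250,
    "card": {"pan": "4111111111111111", "cvv": "123"},
    "raw_terminal_log": "AUTH OK ;4111111111111111=25121011234567890?",
}

if __name__ == "__main__":
    print("safe record:", post_transaction_record(SAMPLE_AUTH, "tok_EXAMPLE"))
    for finding in find_prohibited_data(LEGACY_RECORD):
        print("finding:", finding)
```

Run `find_prohibited_data` over exported database rows or archived logs before a compliance review; a clean system returns an empty list, while the constructed legacy record reports both the populated `card.cvv` field and the track 2 string in the terminal log.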