|
|||
|
|
|||||||||||||||||||||||||
In response to credit card fraud that has cost
retailers hundreds of millions of dollars, the
Payment Card Industry has established Data
Security
Standards (PCI DSS) that are affecting every
business
that accepts credit card payments.
The card brands are very serious about
compliance
with these new regulations. MasterCard has
announced fees of up to $25,000 for merchants
who
are non-compliant. Some fees are as high as
$50,000.
You can download a complete description of
the new
standards from the PCI at:
PCI DSS Standards
The high level overview is as follows:
Build and Maintain a Secure Network
Protect Cardholder Data
Maintain a Vulnerability Management
Program
Implement Strong Access-Control Measures
Regularly Monitor and Test Networks
Maintain an Information Security Policy
CVV code (Card Verification Value)
This is
not part of the PCI DSS but I want to add a
word of
caution about CVV. This is a
new authentication procedure established by
credit
card companies to further efforts toward
reducing
fraud. We've had some questions about
storing this
number. The CVV code is used to verify that
the card
is
physically in hand. This means that the CVV
code can
never be stored. Yes, you get a better rate
if you enter
the CVV number because that means that the
actual
cardholder is providing this information to
you. Just
as you get a better rate if you swipe the
card. But
storing the CVV number is strictly
prohibited. It
violates the whole purpose of establishing
the CVV
code
|
||||
We wanted to provide our customers with the best
possible solution to this problem. One
solution would
be to take the steps necessary to try to
protect the
credit card information on your computer. A
better
solution is to completely
eliminate the liability of storing sensitive
data by
removing all credit card information from your
computer. That's what our partnership with
Element
Payment Systems allows us to do.
Element has the real experts in this field.
They
founded their company and developed their
software
just to address this issue. Their members
sit on the
PCI Security Standards Council. And their
processing
platform is Level One PCI DSS compliant, the
highest
rating for credit card security.
How does it work? When your customer
walks in to make a payment with a credit
card, you go
to the Space Control payment screen. When
you click
on credit card, Space Control takes you to the
Element
secure server. The card is swiped in your new
encrypted card reader and sent directly to
the Element
processing platform. Every step is secure,
encrypted,
and protected. None of the credit card
information is
accessed by or stored in your computer or the
Space
Control program.
Automatic credit card payments The same
kind of process happens for automatic
monthly payments. Space Control takes you to
Element's secure server to enter the credit card
number and expiration date. Element stores that
sensitive information and returns a unique
reference
pointer to Space Control. That's the only
thing stored
on your computer---a 32 character alpha-numeric
token that is unique for each customer. All
future
transactions are transmitted using that
reference
pointer.
ACH We've also included ACH (Automated
Clearing House) in our partnership with Element
Payment Systems. This allows you to set up
automatic monthly payments that are made
directly
from your customers' checking accounts.
This can
save money because ACH charges are less than
credit card charges.
|
||
If you invoice customers, you can save a lot of money
on postage if you email the invoices instead of mailing
a hard copy. The newest version of NX.gen does not
even print a hard copy if you have an email address for
that customer.
Many Space Control users invoice only business
accounts or those customers who request an invoice.
They also charge those customers a buck, or two, or
three. But, for those facilities that invoice all their
customers, and at no extra charge, the option to email
invoices can make a big difference in reducing your
costs and getting paid more quickly.
Contact our Support Department to find out
about the new version of NX.gen.
Call 877-591-0455 or email
support@spacecontrol.com.
|
||
Winter, and the news is full of bad weather all across the country. We're getting lots of rain here in California but they tell us it's good for the drought. Only our friends "down under" have good weather in February.
Ramona Taylor
Space Control Systems, Inc.
email:
rtaylor@spacecontrol.com
phone:
1-800-455-9055
|