Newsletter for Winter 2009/2010
February 2010 - Issue 10
In This Issue
Quick Links

This issue is all about the new credit card standards from the Payment Card Industry. They're trying to address credit card fraud and theft by creating standards for the handling, storing, and transmission of credit card data.

Space Control has a solution for safe storage---don't even store credit card information on your computer at all. If the data isn't there, no one can get it. See article two below for how it's done.

New Credit Card Regulations
In response to credit card fraud that has cost retailers hundreds of millions of dollars, the Payment Card Industry has established Data Security Standards (PCI DSS) that are affecting every business that accepts credit card payments.

The card brands are very serious about compliance with these new regulations. MasterCard has announced fees of up to $25,000 for merchants who are non-compliant. Some fees are as high as $50,000.

You can download a complete description of the new standards from the PCI at: PCI DSS Standards The high level overview is as follows:

Build and Maintain a Secure Network
  • Install and maintain a firewall configuration to protect cardholder data.
  • Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect Cardholder Data
  • Protect stored cardholder data.
  • Encrypt transmission of cardholder data across open, public networks.

Maintain a Vulnerability Management Program
  • Use and regularly update anti-virus software.
  • Develop and maintain secure systems and applications.

Implement Strong Access-Control Measures
  • Restrict access to cardholder data by business need-to-know.
  • Assign a unique ID to each person with computer access.
  • Restrict physical access to cardholder data.

Regularly Monitor and Test Networks
  • Track and monitor all access to network resources and cardholder data.
  • Regularly test security systems and processes.

Maintain an Information Security Policy
  • Maintain a policy that addresses information security.

CVV code (Card Verification Value) This is not part of the PCI DSS but I want to add a word of caution about CVV. This is a new authentication procedure established by credit card companies to further efforts toward reducing fraud. We've had some questions about storing this number. The CVV code is used to verify that the card is physically in hand. This means that the CVV code can never be stored. Yes, you get a better rate if you enter the CVV number because that means that the actual cardholder is providing this information to you. Just as you get a better rate if you swipe the card. But storing the CVV number is strictly prohibited. It violates the whole purpose of establishing the CVV code
The Best Solution
Element Logo
We wanted to provide our customers with the best possible solution to this problem. One solution would be to take the steps necessary to try to protect the credit card information on your computer. A better solution is to completely eliminate the liability of storing sensitive data by removing all credit card information from your computer. That's what our partnership with Element Payment Systems allows us to do.

Element has the real experts in this field. They founded their company and developed their software just to address this issue. Their members sit on the PCI Security Standards Council. And their processing platform is Level One PCI DSS compliant, the highest rating for credit card security.

How does it work? When your customer walks in to make a payment with a credit card, you go to the Space Control payment screen. When you click on credit card, Space Control takes you to the Element secure server. The card is swiped in your new encrypted card reader and sent directly to the Element processing platform. Every step is secure, encrypted, and protected. None of the credit card information is accessed by or stored in your computer or the Space Control program.

Automatic credit card payments The same kind of process happens for automatic monthly payments. Space Control takes you to Element's secure server to enter the credit card number and expiration date. Element stores that sensitive information and returns a unique reference pointer to Space Control. That's the only thing stored on your computer---a 32 character alpha-numeric token that is unique for each customer. All future transactions are transmitted using that reference pointer.

ACH We've also included ACH (Automated Clearing House) in our partnership with Element Payment Systems. This allows you to set up automatic monthly payments that are made directly from your customers' checking accounts. This can save money because ACH charges are less than credit card charges.
Did you know?
If you invoice customers, you can save a lot of money on postage if you email the invoices instead of mailing a hard copy. The newest version of NX.gen does not even print a hard copy if you have an email address for that customer.

Many Space Control users invoice only business accounts or those customers who request an invoice. They also charge those customers a buck, or two, or three. But, for those facilities that invoice all their customers, and at no extra charge, the option to email invoices can make a big difference in reducing your costs and getting paid more quickly.

Contact our Support Department to find out about the new version of NX.gen. Call 877-591-0455 or email support@spacecontrol.com.

Winter, and the news is full of bad weather all across the country. We're getting lots of rain here in California but they tell us it's good for the drought. Only our friends "down under" have good weather in February.

Ramona Taylor
Space Control Systems, Inc.

phone: 1-800-455-9055