Technology, Point of Sale and Inventory Specialists
Compliance
PCI Webinar
Feb 21st
- Overview of the PCI SSC Council training programs
- Detailed look at the course offerings, including who should attend, pre-requisites and topics covered
- Review of 2011 PCI SSC training calendar, locations and costs
- Training FAQ – a quick look at some of your frequently asked questions
Credit Card Compliance
Oct 20th
Is your company currently in compliance with the PCI, PABP, PA-DSS regulations?
This is an official notice from International Micro Systems, Inc. (IMS) to make you aware of the recent changes in Credit Card compliancy regulations and how they affect your Retail Pro POS system. Many recent changes regarding payment processing solutions may require changes to your Retail Pro system and overall business operations.
Why do I need to be compliant?
Compliance is mandated by the payment card brands and not by the PCI Security Standards Council. However, for most merchants, the deadlines for validating compliance with the PCI DSS have already passed. You should check with your acquirer and/or merchant bank to see whether any specific deadlines apply to you, based on merchant transaction volume (level) as determined by the card payment brands. All entities that transmit, process or store payment card data must be compliant with PCI DSS.
What happens if I am non-compliant?
Any fines and/or penalties associated with non-compliance with the PCI DSS and/or confirmed security breaches are defined by each of the payment card brands. Fines may reach up to $50,000 per incident and you may lose the right to process credit card transactions for your customers.
What can I do from a Retail Pro perspective to ensure I am compliant?
In order to ensure compliance via Retail Pro, it is necessary to upgrade your current software to:
- Version 8.6 or Version 9.2 (or later)
- PCI-DSS Compliant Versions according to the credit card companies (Shift4 or RBS Link).
- Run the ‘Software Tool’ that comes with version 8.6 or 9.2 to encrypt all of the credit card information that is currently stored into your systems.
**Please note that PC Charge, Credit Pro and/or PPM are NOT compliant, nor will they be, because Retail Pro has discontinued these products.
With an active membership, upgrading within Version 8 or 9 comes at no software expense, with the exception of implementation time and services from IMS. If you are currently running a Version of Retail Pro other than Version 8 or 9, it is necessary to do a full Version upgrade.
Who should I contact?
It is important to note that while IMS can help you become compliant from a retail POS perspective, you may still need to contact your merchant services provider and/or banking institution to ensure that full compliancy is met and that no fines will be levied. We also recommend speaking to your attorney.
Contact your IMS account manager or sales rep ASAP at 484-482-1600 or toll free at 800-882-0627 to get more information regarding the retail POS perspective or if you have any questions regarding Credit Card Compliance.
PIN PAD COMPLIANCE
Apr 28th
Credit Card Compliance has become a major issue for retailers. At IMS, we get a lot of questions about Retail Pro® and compliance. Many think that if they upgrade their POS software, then they are covered. One of our larger customers just notified us that they have been threatened with interest rate increases, late fees, double-cycle billing, and even suspension of taking credit cards if they cannot demonstrate compliance. Compliance is NOT just the software. It also includes your networks (e.g. firewalls), some hardware (like PIN PADS), and many aspects of your operation.
Some PIN PAD models may NOT be compliant! The 2 Pin Pads that we’ve worked with are the Ingenico EnCrypt 2100 and the Verifone 1000SE. The EnCrypt 2100 is NOT on the list of approved devices. The Verifone 1000SE is, but only with certain firmware updates. There are other Retail Pro approved pin pads that are compatible with RPro v8.6 and v9.2. Due to new credit card compliance issues, customers using non-compliant pin pads will need to replace those models.
The Deadline for this is July 1, 2010.
Please contact IMS immediately at 1-800-882-0627 for more information regarding Pin Pads and PCI Compliance.
Retail Pro: PCI Compliance
Apr 2nd
Payment Card Industry (PCI) Security Standards
Retail Pro International, LLC adheres to the security standards laid out by the PCI Council for the Payment Application – Data Security Standards (PA-DSS) for its Retail Pro applications.
PCI DSS and PA-DSS – What is it?
The PCI DSS is a comprehensive set of security requirements agreed upon by members of the PCI Council, intended to provide protection for consumer payment account data. The PCI Council consists of thought leaders from the payment industry, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc., to help facilitate broad adoption of consistent data security measures on a global basis.
PA-DSS is the Council-managed program formerly under the supervision of the Visa Inc. program known as the Payment Application Best Practices (PABP). The goal of PA-DSS is to help software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, CVV2 or PIN data, and ensure their payment applications support compliance with the PCI DSS.
Both the PCI DSS and PA-DSS include requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. These standards are intended to help organizations and software vendors proactively protect consumer account data.
At the core of the PCI DSS and PA-DSS are a group of principles and accompanying requirements, around which the specific elements of the DSS are organized.
These principles include:
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
How can Retail Pro help me with PCI?
Retail Pro International, LLC, considers the protection and integrity of payment information to be of the highest importance and takes the security around this data very seriously. It has taken broad measures to ensure that both the retailer’s and the consumer’s payment data are protected in accordance with the PCI standards outlined within the PA-DSS.
Our Retail Pro applications are routinely monitored and validated by Payment Application-Qualified Security Assessors (PA-QSAs), as approved by the PCI-SSC, to ensure all payment functionality adheres to the PCI Council’s strict standards. Through the use of Retail Pro the consumer can rest assured that all appropriate steps and precautions are taken to protect the transmission and storage of their credit card information.
For more information about the PCI Data Security Standard and Payment Application – Data Security Standard, visit www.PCIsecuritystandards.org.