PCI & Data Security

Safeguarding your client’s data is more critical today than ever and can mean the difference between merchant success and failure.

The Payment Card Industry (PCI) Security Standards Council is an industry body made up of organizations like Visa, MasterCard, American Express and Discover.


PCI DSS stands for Payment Card Industry Data Security Standard. This is a technical and broad-ranging set of security requirements created by the Payment Card Industry, laying out what Merchants need to do to protect customer information. The PCI Council requires that Merchants meet this set of security requirements if their business accepts, transmits or processes customer payment cards, such as credit cards or debit cards. Merchants that do not comply with these requirements can be penalized in a number of ways, up to and including having their card-processing privileges revoked, leaving them unable to accept customer payment cards.

Encryption - Encrypted Card Readers (E2EE, P2PE)

When it comes to protecting cardholder data, we’re looking at a significant issue and the need for comprehensive solutions. Data security is growing increasingly complex with thieves using intrusive methods like malware and sniffing technologies to attack merchant equipment and processor data centers, stealing millions of card records.

End-to-End Encryption (E2EE) & Point-to-Point Encryption (P2PE) – NACCA encrypts card account numbers and mag-stripe data from the first point of entry at the POS to the gateway (P2PE) or to and from the processor/acquirer (E2EE). A few key advantages include:

  • Data encrypted by swipe hardware, no clear-text in POS
  • Merchant does not have keys to decrypt the data
  • Protects payments

Our tokenization solutions convert or replace payment card data with a unique ID used for subsequent activity while storing the original data and token conversion scheme in a secure data center. Instead of the merchant’s system storing sensitive credit card information such as card number and expiration date, the payment gateway stores the details and sends the merchant back a token that can be referenced whenever the merchant needs to process another payment. The main advantages include:

  • Tokenization replaces sensitive payment data with a unique identifier known as a token.
  • Protects merchant from risk of storing sensitive payment data
  • Secure recurring and installment payment management
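
The token flow described above, as an added sketch that is not NACCA's code or API: a hypothetical gateway keeps the card number in its vault and hands back a random token, and the merchant side stores only that token and the last four digits for recurring billing. All class and function names and the test card number are assumptions made for illustration.

```python
import secrets

TEST_PAN = "4111111111111111"  # widely used test number, not a real account

def luhn_ok(pan: str) -> bool:
    """Luhn checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

class Gateway:
    """Hypothetical gateway: the only place the card number is stored."""
    def __init__(self):
        self._vault = {}  # token -> (pan, expiry); never sent to the merchant

    def tokenize(self, pan: str, expiry: str) -> dict:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("invalid card number")
        # Random token: it carries no information about the card number,
        # so a stolen merchant database cannot be reversed into cards.
        token = "tok_" + secrets.token_hex(16)
        self._vault[token] = (pan, expiry)
        return {"token": token, "last4": pan[-4:]}

    def charge(self, token: str, amount_cents: int) -> dict:
        if token not in self._vault:
            return {"approved": False, "reason": "unknown token"}
        # A real gateway would forward the stored card to the processor here.
        return {"approved": True, "amount_cents": amount_cents}

class Merchant:
    """Merchant side: keeps only the token and the last four digits."""
    def __init__(self, gateway: Gateway):
        self.gateway = gateway
        self.customers = {}  # customer_id -> {"token", "last4"}

    def save_card(self, customer_id: str, token_response: dict) -> None:
        self.customers[customer_id] = dict(token_response)

    def bill(self, customer_id: str, amount_cents: int) -> dict:
        # Recurring or installment payment: only the token is referenced.
        token = self.customers[customer_id]["token"]
        return self.gateway.charge(token, amount_cents)
```

In this sketch the card number reaches only `Gateway.tokenize`, which stands in for the customer submitting card details directly to the gateway.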

Hosted Checkout Pages

Hosted checkout pages enable you to pass transaction data securely to the server and to collect credit card acceptance data.

Embedded API with Direct Post, often called Transparent Redirect, enables cardholder data to post directly to the payment gateway at the point of entry. Transparent Redirect posts payment details silently to the gateway server, so this sensitive information never goes through the merchant’s website.

The inline-frame “i-Frame” part of the web page is the hosted checkout. The customer’s credit card information is sent directly to the payment gateway and never passes through the merchant’s web server, reducing the need for the merchant to achieve PCI-DSS (Payment Card Industry – Data Security Standard) compliance.

Semi-Integrated Solutions

Connect your POS system to our semi-integrated terminal solutions. The POS sends simple transaction data (i.e., purchase amount) to the terminal application via middleware. The payment application then creates the transaction, prompts for the card data (chip, swipe, key enter) and sends it to the processor. The terminal payment application then receives the processor response (approval or denial) and sends it back to the POS application. Payment data is managed in the terminal application hardware/software. The sensitive card data never touches the POS, reducing the scope of PCI-DSS (Payment Card Industry – Data Security Standard) compliance.