Our 12 Days of Tips series explores how small retailers can ACT now to repel data thieves during this prime shopping season. Awareness, Checking security controls and Testing security now will help your business lock down your systems during the holiday rush.
Merchants looking for more information on how to secure customer payment data should visit the PCI SSC merchant site.
Are You Using Tested Products and Vendors?
A sure way to improve payment card security during the holiday selling season is to use products and vendors that are tested and approved by the PCI Council.
For a small merchant, two primary product types are the terminal equipment you use to accept payment cards, and the applications you use to process payments. A third product type is point-to-point encryption – an advanced technology solution that provides super-strong protection for cardholder data that is processed, transmitted or stored by merchants.
The PCI Council conducts programs for testing and validating all three product categories.
The Council also conducts training and qualification programs for the people and companies that install these solutions in retail stores like yours.
Here are four places on the PCI Council website to get information about tested products and vendors.
1. Terminal Equipment. Validated PIN Transaction Security (PTS) devices are used by a merchant at the point-of-interaction for capturing payment card data and validating approval of its use for a transaction. For a list, see: https://www.pcisecuritystandards.org/approved_companies_providers/approved_pin_transaction_security.php
2. Payment Applications. Validated payment applications are used by merchants to process electronic payments. For a list, see: https://www.pcisecuritystandards.org/approved_companies_providers/vpa_agreement.php
3. Point-to-Point Encryption. Validated P2PE solutions and applications may simplify PCI compliance programs by eliminating clear-text cardholder data from the payment processing environment and reducing the scope of PCI Data Security Standard requirements.
- For a list of validated P2PE solutions, see: https://www.pcisecuritystandards.org/approved_companies_providers/validated_p2pe_solutions.php
- For a list of validated P2PE applications, see: https://www.pcisecuritystandards.org/approved_companies_providers/validated_p2pe_applications.php
- Get started with P2PE with this merchant guide: https://www.pcisecuritystandards.org/documents/P2PE_Solutions_for_Merchants_v2.pdf
4. Qualified Integrators and Resellers. These are professionals at qualifying organizations who are trained and qualified in the secure installation of Payment Application Data Security Standard (PA-DSS) validated payment applications. For a list, see: https://www.pcisecuritystandards.org/approved_companies_providers/qir_companies.php
To learn more about how using tested products and vendors improves payment card security, visit the PCI SSC website.
Merchants looking for more information on payment security essentials should start here: