The Green Sheet Online Edition

January 12, 2015  •  Issue 15:01:01


New Year's Eve countdown to PCI DSS 3.0

Jan. 1, 2015, marked the beginning of a new year, as well as the deadline for implementation of a new set of security standards. The PCI Security Standards Council released Payment Card Industry (PCI) Data Security Standard (DSS) 3.0 in January 2014, and gave merchants and payment services providers one year to review and upgrade their PCI DSS 2.0-compliant systems.

The security community embraced the new standards, noting the enhanced protections for e-commerce, widely considered to be a leading point of entry for cyber attacks. Many security analysts emphasize that security best practices require constant vigilance that extends far beyond required scans, penetration tests and self-assessment questionnaires.

Sustainable best practices are business-as-usual

Suraj Srinivas, Director of Security Consulting at ANX, a Michigan-based data security organization, sees the spirit of constant vigilance reflected in the business as usual (BAU) concept introduced in PCI DSS version 3.0.

"ANX Qualified Security Assessors [QSAs] were early adopters of this concept, having seen its success in other audit programs," Srinivas said. "The key to success for any compliance program is its sustainability. Sustainability is achieved by having a methodical process for ensuring that all the necessary preparatory steps are performed during the course of the year, easing the burden of the annual PCI assessment."

He added that a common piece of advice that ANX offers clients is to "measure twice and cut once," which is aligned with the company's overall approach. ANX supports customers' BAU initiatives with a blended approach that leverages a software-as-a-service compliance tool with the hands-on expertise of the company's QSAs. He believes the company's focus on sustainable best practices keeps compliance in the forefront as a systematic, year-round process for its customers.

Protecting the transaction life cycle

Frank Stornello, Chief Marketing and Strategy Officer for Verifi, noted that the impact of omni-channel trends on payment technology has made full life cycle transaction protection critical for best-in-class online commerce. For retailers, protecting omni-channel payments from start to finish while ensuring a seamless shopping experience requires a careful blend of pre- and post-sale security and fraud prevention.

"The landscape of payments is quickly evolving and new payment options and technologies are emerging rapidly – giving consumers many choices for payment: mobile, online, cash, credit, loyalty points and digital currencies to name a few," Stornello said. "Unfortunately, security lapses change shopper behavior. Studies show a direct correlation between a data breach and consumer confidence - threatening the merchant's ability to remain in business."

E-commerce: not one-size-fits-all

PCI DSS 3.0 guidelines categorize e-commerce merchants by matching self-assessment questionnaires (SAQs), scans and testing levels to each group's degree of exposure to cardholder data. Many security analysts believe e-commerce merchants who implement PCI 3.0 security controls will significantly mitigate the risk of cyber attacks.

Following are three distinct forms of e-commerce and their respective SAQs:

Merchants remain first line of defense

Verifi's Stornello noted that as payments become more complex, merchants will increasingly be called upon to shoulder the "full burden of true as well as friendly fraud" as consumers increasingly rely on them to protect the integrity of their payment transactions.

"Merchants are facing confusing statements, changing compliance requirements, determined hackers, and no shortage of processing fees, multiple discount rates, and chargebacks," Stornello added. "Consumers expect merchants to protect their payments at all phases of the transaction lifecycle - even identity theft - which occurs before the payment card even enters the payment stream."

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
