Data security has become a primary consideration for every type of business that accepts credit cards and debit cards for the payment of goods or services. The five major card schemes, including Visa and MasterCard, have established the Payment Card Industry Security Standards Council (PCI SSC) to oversee the Payment Card Industry Data Security Standard (PCI DSS) and to promote data security throughout the payment card industry.

Security

PCI DSS

According to Visa, you can increase your data security and reduce the risk of compromises by using a PCI DSS–compliant service provider and a secure payment application.

Optimal Payments is fully compliant with Level 1 of the PCI DSS.

  • Industry experience: 10 years
  • Security compliant: Since 2001
  • Transactions processed: 300 million
  • Payments handled: 12 billion USD
  • Security breaches: None

Security Features

It is much easier to achieve compliance if your business model doesn’t require storing payment card data. By processing repeat transactions using our Stored Data Transaction or Recurring Billing features, we will store all sensitive information in our secure network, alleviating the need for you to store it.

In some cases you don't even need to touch the card details. We allow your customer to enter sensitive information into a Secure Payment Page hosted on our servers, so card data completely bypasses your own network.

Validation Service

To help your business meet its PCI DSS compliance requirements and to facilitate the validation process, Optimal Payments has teamed up with SecurityMetrics – an accredited Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV) – to help you complete your self-assessment questionnaire and network security scan.

Features

Stored Data Transaction

The Stored Data Transaction feature allows you to perform a payment card transaction by simply providing a confirmation number from a previous transaction. This confirmation number allows us to retrieve from our database most of the data required to process the transaction, alleviating the need for you to store card details.

Secure Payment Page

The Secure Payment Page is for merchants who want to process card payments securely via the Internet without running an SSL-protected website of their own or having programming expertise. With this integration option you only have to add a single HTML button to your website. The button takes your customer to a secure payment page hosted on our servers, where your customer enters their payment information to complete the purchase. Because card details are never exposed to your site and the entire payment process is outsourced to us, you leverage our own PCI DSS compliance.
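A worked example of the hand-off described under Stored Data Transaction and Secure Payment Page above. It is added here for illustration and is not Optimal Payments' integration code: the merchant page carries only order data, the card fields exist solely on the hosted page, and afterwards the merchant keeps only the confirmation number. Because the customer's browser is what submits the form, the example also signs the order fields with a merchant secret so the hidden amount cannot be altered on the way to the gateway; the gateway URL, merchant identifier, field names and HMAC scheme are all assumptions.

```python
import hashlib
import hmac
import html
from urllib.parse import urlencode

# Everything below is an added illustration. The gateway URL, merchant id, field
# names and the HMAC scheme are assumptions for the example, not Optimal Payments' API.
GATEWAY_URL = "https://hosted-page.example.test/pay"   # hypothetical hosted payment page
MERCHANT_ID = "M-0001"                                  # hypothetical merchant identifier
SHARED_SECRET = b"constructed-demo-secret"              # constructed; load from a vault in real use


def sign(fields: dict, secret: bytes = SHARED_SECRET) -> str:
    """HMAC-SHA256 over every field except the signature itself.

    urlencode over the sorted items gives merchant and gateway an unambiguous
    byte string to sign, even if a value contains '&' or '='.
    """
    unsigned = sorted((k, v) for k, v in fields.items() if k != "signature")
    return hmac.new(secret, urlencode(unsigned).encode(), hashlib.sha256).hexdigest()


def verify_signed(fields: dict, secret: bytes = SHARED_SECRET) -> bool:
    """Constant-time check of a signed field set (used by the gateway on the
    incoming order and by the merchant on the gateway's result callback)."""
    return hmac.compare_digest(fields.get("signature", ""), sign(fields, secret))


def payment_fields(order_id: str, amount_cents: int, currency: str) -> dict:
    """Order data the merchant hands to the hosted page. Note: no card fields."""
    fields = {
        "merchant_id": MERCHANT_ID,
        "order_id": order_id,
        "amount": str(amount_cents),
        "currency": currency,
    }
    fields["signature"] = sign(fields)   # binds amount and order to the merchant's secret
    return fields


def payment_button(order_id: str, amount_cents: int, currency: str) -> str:
    """The single form the merchant embeds. It posts to the gateway, so the card
    number is typed into the gateway's page and never reaches the merchant's site."""
    inputs = "\n".join(
        f'  <input type="hidden" name="{html.escape(k)}" value="{html.escape(v)}">'
        for k, v in payment_fields(order_id, amount_cents, currency).items()
    )
    return (f'<form method="post" action="{GATEWAY_URL}">\n{inputs}\n'
            '  <button type="submit">Pay now</button>\n</form>')


def record_payment(callback: dict) -> dict:
    """Merchant-side handling of the gateway's signed result: keep the confirmation
    number (the handle for a later Stored Data Transaction), never the PAN.
    Tampered or unsigned callbacks are rejected."""
    if not verify_signed(callback):
        raise ValueError("callback signature invalid")
    return {
        "order_id": callback["order_id"],
        "amount_cents": int(callback["amount"]),
        "confirmation_number": callback["confirmation_number"],
    }


if __name__ == "__main__":
    print(payment_button("ORD-1001", 1999, "USD"))
    # A customer editing the hidden amount in their browser breaks the signature.
    tampered = dict(payment_fields("ORD-1001", 1999, "USD"), amount="1")
    print("tampered order accepted:", verify_signed(tampered))
    # Constructed gateway result; in practice the gateway signs this with the same secret.
    result = {"merchant_id": MERCHANT_ID, "order_id": "ORD-1001", "amount": "1999",
              "currency": "USD", "confirmation_number": "CONF-20240101-7"}
    result["signature"] = sign(result)
    print("stored:", record_payment(result))
```

The point to check on any hosted-page integration is the one the signature covers: the hidden order fields travel through the customer's browser, so without a server-side signature (or an equivalent server-to-server order registration) anyone can change the amount before it reaches the gateway. The merchant's record holds the confirmation number and amount only, which is what keeps the merchant's own systems out of PCI DSS scope for card data.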

Recurring Billing Tool

Our Recurring Billing tool easily automates payments that need to be collected periodically and deposited directly into your merchant account. You provide the information for each billing record, such as customer and contact information, credit card or debit card details, the amount, and the time each payment should be collected. Once you set these billing records up on our platform, our Recurring Billing tool takes over, reliably processing your transactions for the amount, at the frequency, and over the time period that you have specified, while notifying your customer by email every time a transaction is processed.

Online reports allow you to view the billing history of any customer, including the status of each transaction, the amount, and the date it was processed.

With our Recurring Billing tool you eliminate the need to store payment card details in your network, minimizing your PCI DSS compliance requirements.

PCI DSS

All merchants and service providers that store, process, or transmit cardholder data are required to comply with the Payment Card Industry Data Security Standard (PCI DSS). To protect cardholder data from a security breach, every merchant must demonstrate and validate PCI DSS compliance annually. Outsourcing card handling to a Payment Service Provider (PSP) reduces the scope of what has to be validated (for example, to the short SAQ A); it does not remove the annual obligation.

Industry Regulations

PCI DSS was developed by the founding card schemes of the PCI Security Standards Council to facilitate the adoption of consistent data security measures globally. The PCI DSS includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures intended to proactively protect customer account data. The Security Standards Council was founded to oversee the standard. Each card scheme has its own programs that help merchants attain compliance with the PCI DSS.

Security Requirements

There are six categories of compliance requirements (control objectives), covering the twelve PCI DSS requirements.

Build and Maintain a Secure Network

Install and maintain a firewall configuration, and do not use vendor-supplied defaults for system passwords and other security parameters: replace them with unique, strong credentials.

Protect Cardholder Data

Whenever possible, do not store cardholder data. If there is a business need to store it, you must protect it. You must also encrypt cardholder data transmitted across open, public networks, including transmissions to and from your shopping cart and Web-hosting providers.

Maintain a Vulnerability Management Program

Use anti-virus software and keep it up to date. Develop and maintain secure systems and applications, including applying vendor security patches promptly. Ensure the payment applications you use have been validated as compliant (under the PCI SSC's Payment Application Data Security Standard, PA-DSS).

Implement Strong Access Control Measures

Access – both electronic and physical – to cardholder data should be on a “need-to-know” basis. Ensure those people with access have a unique ID and password. Do not share logon information.

Regularly Monitor and Test Networks

Track and monitor all access to networks and cardholder data. Ensure you have a regular testing schedule for security systems and processes such as firewalls, patches, and anti-virus.

Maintain an Information Security Policy

It’s critical that your organization has a resource for how data security is handled at your business. Ensure you have a policy and that it is disseminated and updated regularly.

Compliance Validation

There are two main components of validation:

  • Completing the Self-Assessment Questionnaire (SAQ)
  • Undergoing Vulnerability Scans performed by an Approved Scanning Vendor quarterly

PCI Self-Assessment Questionnaire

The PCI Self-Assessment Questionnaire is a list of questions used to assess your compliance with the requirements of the PCI DSS. The PCI Security Standards Council released four versions of the questionnaire to account for different merchant environments.

SAQ A: Addresses requirements applicable to card-not-present (e-commerce or mail/telephone-order) merchants who have outsourced all cardholder data storage, processing, and transmission.

SAQ B: Created to address requirements pertinent to merchants who process cardholder data via imprint machines or standalone dial-up terminals only, with no electronic storage of cardholder data.

SAQ C: Constructed to focus on requirements applicable to merchants whose payment application systems are connected to the Internet but who do not store cardholder data electronically.

SAQ D: Designed to address requirements relevant to all service providers defined by a payment brand as eligible to complete an SAQ, and to those merchants who do not fall under the types addressed by SAQ A, B, or C.

For more information on the questionnaire, and to determine which one is right for your business, please ask us.

Network Vulnerability Scan

The Network Vulnerability Scan is an automated, non-intrusive scan that assesses your network and Web applications from the Internet, against your external-facing IP addresses. The scan identifies vulnerabilities or misconfigurations that could let an unauthorized or malicious user gain access to your network and potentially compromise cardholder data; under the ASV program a scan passes only if it finds no vulnerability rated CVSS 4.0 or higher.

Often the scan discovers vulnerabilities that must be resolved in order to maintain compliance. Once you have resolved them, a directed scan can be run on request to verify the fix. You may also run a directed scan after changing your network to confirm that the changes have not affected your compliance status.

Validation

Optimal Payments PCI compliance Program

Our Partner

To help your business meet its PCI DSS compliance requirements and to facilitate the validation process, Optimal Payments has teamed up with SecurityMetrics, an accredited Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV). Their vulnerability assessment and compliance management solution provides the following benefits:

  • Scanning engine that tests for more than 3,000 vulnerabilities
  • Online Self-Assessment Questionnaire
  • Detailed compliance status reporting
  • Vulnerability prioritisation
  • Remediation services to address security vulnerabilities and achieve compliance more quickly
  • Comprehensive online support resources
  • Multi-lingual help desk support

More information about SecurityMetrics can be found at www.securitymetrics.com or by calling 801-724-9600.

Costs and Deadlines

The cost of the PCI DSS compliance validation service is $204 per annum, or an equivalent cost in foreign currency. This will be collected from your merchant account in 12 monthly payments of $17 U.S., or an equivalent cost in foreign currency, commencing in the month you request access to the validation service, and continuing for a minimum of one year, thereafter automatically renewing for successive one-year periods until such time as you cancel the service. This fee is in addition to any monthly fees payable under your Merchant Services Agreement.

To initiate your PCI DSS compliance validation process please call us at 888-709-8753 and we will help you register.