Prepare for PCI DSS Version 3.0


Thomas Jefferson wisely said, “Never put off till tomorrow what you can do today.” When it comes to compliance with Payment Card Industry Data Security Standard (PCI DSS) version 3.0, it might be time for merchants to heed Jefferson’s advice. In a recent survey conducted by NTT Com Security aimed at assessing the awareness, acceptance, and understanding of PCI DSS 3.0, the findings were eye-opening:

  • Just 30% of respondents said they have reviewed the requirements and have a plan in place.
  • 41% stated they had heard of PCI DSS 3.0, but did not have a plan for compliance.
  • 70% were unaware of the date by which they need to be PCI DSS 3.0 compliant. [1]

How Important Is It to Train Employees on Information Security?

The short answer is – VERY important. The fact is, the better your technical and infrastructure defenses are, the more likely it is that a social engineering attempt will be made on your people.

In 2013, over 89% of breaches and data loss incidents were deemed preventable through security awareness and execution programs. More relevant, 60% were the direct result of social engineering and other attacks that began with employees who had no substantial access to data. Put another way, 60% of the over one billion records lost in 2013 were the result of employees. [1]

New to PCI Compliance? Start Here

If you are new to Payment Card Industry Data Security Standard (PCI DSS) compliance, the topic can be somewhat confusing. Learning the terms, navigating requirements, and understanding what is in scope is no easy feat. If your organization accepts, transmits, or stores any card holder data, it is important to know the basics.

To help you on your way, one of our partners, FoxyCart, has put together a primer on PCI DSS Compliance. In easy-to-understand terms, the ebook covers:

  • What is PCI compliance?
  • How can you minimize your burden?
  • What common myths need to be debunked?

Lesson on Tokenization

We see signs every day that inform us about safety measures an organization is taking. We have all seen these examples:

  • “Premises protected by video surveillance.”
  • “This vehicle stops at all railroad crossings.”
  • “Driver carries less than $100 in cash.”
  • “Caution: Wet floor”

These types of signs are common in business. They show customers, partners, and employees what’s being done to protect the business and help reduce the organization’s risk and liability.

Don’t Become a Target for Payment Data Theft

As if the recent data compromises affecting more than 115,000,000 cardholders among Target, Neiman Marcus, Michaels, Aaron Brothers, Marriott and Sheraton, to name a few, were not enough, experts are predicting data breaches may increase in 2014. [1] Are your payment security measures as strong as they could be? Wash away all the marketing hype and hyperbole, and learn why TrustCommerce clients rest well, knowing that their customers’ data is secure. These best practices protect payments and reduce the risk and liability associated with accepting electronic payments.


How Can Healthcare Organizations Reduce PCI DSS Scope?

Healthcare organizations must be aware of vulnerabilities when accepting electronic payments and be proactive about protecting against them. Whether it is an individual employee who steals a patient’s payment card information or a large-scale cyber-attack, compromised data is costly. According to Ponemon Institute’s 2013 Global Cost of a Data Breach, healthcare experiences the most costly data breaches at $233 per lost record; pharmaceuticals rank third at $207. [1] Couple that with damage to brand and reputation and it is easy to see how difficult it can be to recover from a breach.


Set Up a Secure E-Commerce Payment Application: Part 1

In this two-part series, we will talk about two popular payment acceptance paths for e-commerce: Embedded API for Direct Post, commonly referred to as transparent redirect, and hosted payment pages. We will look at how the solutions function and things to consider when selecting your preferred method.

Recently, I went to see the Space Shuttle Endeavour at the California Science Center. It is an impressive piece of history to see firsthand. I could not help but think of how often you hear, “This isn’t rocket science.” This actually was rocket science! The complexity and inner workings of this ship are incomprehensible to most of us, a little intimidating, yet awe-inspiring.

The good news is that setting up a secure e-commerce environment doesn’t have to be rocket science, although it may sound like it. Known in the industry as “transparent redirect” or “Embedded API with Direct Post”, TC Trustee API is an elegant e-commerce payment solution that lets merchants do what they do best—manage the web site, user experience and environment—but leave the payment acceptance and security to the experts.

An embedded feature of the merchant-hosted payment form, the TC Trustee API code posts the financial transaction field data from the customer’s browser straight to the TC secure processing platform, so the card data never passes through the merchant’s own web server. It is easy to set up, requiring a small amount of code and basic programming skills.

New to Electronic Payments? Start Here

Those new to electronic payment processing often ask, “Why do I need a payment gateway?” It’s a great question and this article will help explain.

In order to process electronic payments such as credit cards, debit cards, and ACH/electronic check payments, merchants work with payment gateways. A payment gateway sends the electronic payment data to a processor/acquiring bank, which routes the payment securely to the issuing bank. A payment solution handles this complex workflow in mere seconds. The issuing bank maintains the consumer’s credit card account and pays out to the merchant’s account when the consumer makes a credit card purchase.

The gateway can be one piece of an overall payment solution. TrustCommerce payment solutions include gateway functionality, and much more.