PAYMENTS
Several W. Capra Consultants recently attended the RAMP show in Chicago.
MINIMIZING WORK
- PCI Data Security Standard (PCI DSS) requirements must be met by any system that stores, processes, or transmits cardholder data. Processing and transmitting account numbers is essential in any system that authorizes card transactions. In the past, however, retailers have often stored account numbers in additional site and head office systems so they could look up a transaction later if it was disputed. There are other ways of finding a specific transaction: the transaction reference number is often the easiest. If you reduce the number of systems that touch cardholder data, you reduce the scope of your PCI compliance validation effort.
- Get your key vendors involved. Ask them whether their products are PCI DSS compliant. If so, are there any version upgrades or configuration options you need so that your systems can pass PCI DSS compliance validation? If their products are not PCI DSS compliant, what are their plans for addressing PCI DSS compliance, and when will they deliver a version that has been PCI DSS validated?
- Make PCI DSS compliance part of the selection criteria for any new retail system. This is not just your problem; it is the whole industry's problem. It is reasonable to expect all new vendors to deliver software, hardware, and network components that are PCI compliant.
- Separate your networks that handle card data from other site and head office networks. If you provide Internet access for your site manager, there needs to be a firewall between your card network and the network handling Internet traffic. This does not necessarily mean multiple network connections on site — there are network providers that will provide a single physical connection that separates the two types of traffic.
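The first point above, keeping account numbers out of head office systems and finding disputed transactions by reference number instead, is illustrated by the following added example (not W. Capra's code or any vendor's). It assumes a simple in-memory ledger that stores only a masked card number alongside the reference number, and adds a Luhn-filtered scanner you can run over a log or database dump to confirm that a system really holds no full account numbers; the class and function names are assumptions for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed example: a head-office ledger that keeps only what a dispute lookup
# needs, plus a scanner that checks a data store for full account numbers (PANs).

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by card numbers; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(pan: str) -> str:
    """Keep only the last four digits, enough to confirm a card with a customer."""
    return "*" * (len(pan) - 4) + pan[-4:]

@dataclass
class StoredTxn:
    reference: str      # processor reference number, the dispute lookup key
    masked_pan: str     # never the full account number
    amount_cents: int
    approval_code: str

class HeadOfficeLedger:
    """Stores authorizations without cardholder data, so it stays out of PCI scope."""
    def __init__(self) -> None:
        self._by_ref: Dict[str, StoredTxn] = {}

    def record_authorization(self, reference: str, pan: str,
                             amount_cents: int, approval_code: str) -> StoredTxn:
        txn = StoredTxn(reference, mask_pan(pan), amount_cents, approval_code)
        self._by_ref[reference] = txn
        return txn

    def find_disputed(self, reference: str) -> Optional[StoredTxn]:
        return self._by_ref.get(reference)

# 13-19 digits, optionally separated by spaces or dashes, not inside a longer run
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def find_pan_like(text: str) -> List[str]:
    """Return Luhn-valid card-number-like strings found in text (a log or DB dump)."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            hits.append(digits)
    return hits
```

Running `find_pan_like` over an export of each site or head office data store is a quick way to check which systems still touch cardholder data before you define your PCI scope.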