Security Overview
Payment Card Industry Data Security Standard (PCI-DSS)
The Payment Card Industry (PCI) Data Security Standard (DSS) is being introduced worldwide by MasterCard, Visa, JCB and American Express.
In recent years, cardholder security breaches have seriously harmed company reputations and damaged consumer trust and confidence. To address these issues, Visa and MasterCard have developed the PCI data security standard in order to restore consumer confidence in card payments. The standard aims to give cardholders the assurance that their card details are safe and secure when their debit or credit card is offered at the point of sale, over the Internet, on the phone or through mail order.
Merchants that do not comply with the standard face the prospect of substantial fines imposed by the card schemes, in the order of hundreds of thousands of euro, or of being permanently barred from the card acceptance programme, should a security breach occur which involves their systems or processes. Although the initial focus was on online transactions, PCI compliance applies to any organisation that stores, processes or transmits cardholder data, and consequently affects merchants with physical stores as well as banks, processors and service providers.
Integral is well advanced in achieving PCI DSS certification and also VISA PABP (Payment Application Best Practice) accreditation for PayRouter.
The Payment Card Industry (PCI) Data Security Standard is designed to create common industry security requirements that incorporate the CISP requirements. PCI offers a single approach to safeguarding sensitive data for all card brands, and consists of the following basic requirements:
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
Payment Application Best Practices (PABP)
The goal of the Payment Application Best Practices program is to help software vendors create secure payment applications. To be considered secure, these applications must not retain full magnetic stripe data or CVV2 data and must support a merchant's ability to comply with CISP/PCI requirements.