PCI Compliance
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Dear WISPA Colleague,
Last month BillMax announced the availability of its 2nd quarter 2013 release.
This release included enhanced credit card processing and management for the
Payment Card Industry's (PCI) compliance requirements. More on this further
below.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

PCI Compliance

Everyone has heard about PCI, yet there seems to be quite a bit of ongoing
uncertainty about what it all means. Getting a definitive answer is somewhat
akin to getting advice from the IRS. Once audited, you and only you are
responsible for the return's accuracy, even if you acted on advice from the IRS
or a tax consultant.


The same is true for PCI. As the merchant, you are ultimately responsible for
securing your customers' credit card information. So what to do? First off, we
encourage you to study up on the requirements at the PCI website (see PCI
Resources below for the link). Other valuable sources of information include
your payment application vendor, your merchant account provider, and your
payment gateway vendor (if not provided with your merchant account). Each of
these companies can help guide you through the process.


One thing is certain: if your business accepts credit card payments in any form,
you are almost certainly subject to some PCI reporting and compliance.
One last point on compliance: use of approved vendor applications and payment
gateways cannot in itself make a merchant compliant, as the standards also
address the merchant's overall computer and network environments as well as its
security and policy procedures.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tokenization
Tokenization is a term for the process where sensitive credit card information
is almost entirely handled and stored at a third-party site (most often the
gateway). Instead of holding the credit card number and other details, the
payment application provides a "token" that identifies this information at the
payment gateway.
Using tokenization does not entirely eliminate PCI compliance scope, but it
does, if implemented properly, limit or eliminate the exposure should a breach
occur. Furthermore, use of tokenization can (in most cases) reduce your
reporting requirements to that of the 'Self Assessment Questionnaire-A'.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

BillMax and IPPay Success Story
PCI also imposes specific requirements on payment applications. These
requirements are covered under the PA-DSS specification. BillMax 2013 currently
complies with each of its 13 Security Assessment Procedures. This list includes
items such as encryption (storage and transmission), application security
(authentication), logging of activity and access, etc.
In addition, BillMax 2013 (2nd quarter release) fully supports IPPay's
tokenization. In BillMax's implementation, sensitive credit card information is
never written to disk. Upon initial data entry, the information is immediately
and securely transferred to IPPay, and a token for subsequent transactions is
returned.
This feature has been implemented at several client sites to date with great
success and no disruption to processing.
Pinnacle Network Solutions (web site
[http://r20.rs6.net/tn.jsp?e=001tHLFOtAKQ7AWC-TPsfN412FdJT54WD8jmfiaMLDCU8hI5jfkSSq_NocNIvjiuIcTXaouoLOpc8SHVXDeuNMs8eAmYu1aP7SQ4-6ZhjeiPDnAYxLamNyFMJ5bfszpM7ci-PvldWkausc=])
uses tokenization and BillMax's cloud-based hosting service for a complete
turnkey solution and peace of mind. Tim McMath, Pinnacle's Vice President, says
"Billmax has been a vital tool in our growth and success. Its hosted solution
allows us to focus on growing our business while providing superior services.
In short with BillMax, we are doing more with less...".
If you aren't yet a BillMax customer or haven't checked us out in a while, give
us a call. We are constantly improving BillMax and would love to show you what's
new and where we are headed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sincerely,
Bill Schoolfield
Billmax Billing Solutions
Vice President
[email protected]
817.446.7776

In This Issue

PCI Compliance
Tokenization
BillMax and IPPay Success Story


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

PCI Resources
Payment Card Industry Web site
[http://r20.rs6.net/tn.jsp?e=001tHLFOtAKQ7BRsczDjz-3AlXfN40ZyxWcN6zoOne92wMGONvwNgrI-qmfFqBkQPkj_1s6dsZ38RZhgSfGQlAWiV8uQWQqAdOaRqcXpLOCrIB7QRLV1Xf-SKzu9AUGpFLEYPgIj8NFJivvXhceVsjAKw==]
IP Pay Web site
[http://r20.rs6.net/tn.jsp?e=001tHLFOtAKQ7BOd6oZy4h5AmJPDrTKgKWu8o82OL_rXf9EcBWmC30S3K6Nm_1ftaSiR6SqBkZT8M_1Ro9SYTHHGOMaoaaYcyU-SNCRZOEagCv_AR8KNp5vFA==]
BillMax Electronic Fund Processing (PDF)
[http://r20.rs6.net/tn.jsp?e=001tHLFOtAKQ7BpvPAw36DqeUEn3bf4jefyNQ66TH_Ew2NC86XVDzX-qrU35cjm7NbYlWcsNjPhuekO7YFfkPMp8Lqr6iDNdcgiErmmow0KEtJAOelxCdwfrdXh_XG6hKKppMJL4VHUvvrNvuoAWDQ8v0R7gE167vQZP_GpKwiIJmc=]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

PCI "Do's and Don'ts"


1. Never ever directly expose your payment application to the Internet. Deploy
   firewalls, VPNs, etc. and require external authorization for network access.
2. If using BillMax, do not disable or lessen PCI security settings.
3. Use tokenization to avoid storing credit card data.
4. Don't forget physical security and access to servers holding sensitive data.
5. If you must store credit card data, store it in encrypted form.
6. Limit view of credit card numbers to the last 4 digits always. No exceptions!
7. Do train your staff on the proper handling of credit card data. Do not, for
   example, ever send this information in an email message.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Did you Know?

BillMax has built-in geocoding and service address mapping.
BillMax generates FCC 477 Reports with a single button click.
BillMax generates true B2B Invoices as well as utility style statements.
BillMax can process Auth-Only and Capture-Only credit card transactions. This
is typically used to authorize a charge before actually creating an account or
service.
BillMax can handle complicated (TelCo-like) taxes.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Follow-up Links
www.billmax.com 
[http://r20.rs6.net/tn.jsp?e=001tHLFOtAKQ7D5SgV1WTSQKP_07FAYwJpLeDZOtTi8Ar-3aT40_6qgb5OCjT5pcT3qJ3aVLklMpvDKzHSzyruQIbevve2JR8mHyqiTTNZekOwi9jDPrHMP2Q==]
www.wispa.org 
[http://r20.rs6.net/tn.jsp?e=001tHLFOtAKQ7CS2a0_bltne0ViPfOmzxP3HnLK7KISYLj3aRFc13ZmmivXAtUpwtL5xCy04W-P7RG9Ajz--riIJMacr_uIo14YpcCxZ1K6--YUQyHqQzwMbQ==]
BillMax 2013 Datasheet 
[http://r20.rs6.net/tn.jsp?e=001tHLFOtAKQ7CDVng2aqESp_EeKNGH8KqbsCFhKh-9l7l6G6m-QPcI23fQGJkS1g3ss1lzJu5-U-ySjNgcBbVHNP2LuImko0jopYpt_oIbKLBg_URqHqB-Ze1TrbW6gwCphSSAQ8NgoQRnasq9HE0-QQ==]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Billmax Billing Solutions | 6815 Manhattan Blvd. Suite 330 | Fort Worth | TX | 76120