PCI DSS Security
Protecting sensitive data from unauthorized access is a mandatory requirement for retailers, regardless of size or number of transactions. Said another way, if your customers pay you using credit, debit, or prepaid cards branded with one of the following logos (American Express, Discover, JCB, MasterCard, or Visa International), then compliance with PCI DSS security for all payment applications is required.
Payment applications include point of sale systems that capture, store and transmit card data electronically (in scope solution) or applications from a service provider that capture, transmit and store card data electronically, bypassing the point of sale application (out of scope solution). In either case the merchant is responsible for ensuring that the payment application they use facilitates overall PCI DSS compliance.
The MI9 Store point of sale system gives retailers the choice of implementing a fully integrated PA DSS compliant “in scope” or “out of scope” payment solution.
The MI9 Store in scope solution fully complies with these PABP requirements, providing:
• Fully integrated interface to PCI compliant PIN entry devices from leading manufacturers for capture of customer credit card and debit PIN based transactions as well as electronic signature capture.
• Encryption in memory of credit and debit card numbers at time of entry for POS authorization using approved Triple DES encryption. Once encrypted the actual card number is never displayed, printed, stored or transmitted in unencrypted form.
• Display of card type and only the last four digits of the card number on the transaction receipt as well as on any inquiry or report with access to card transaction details.
• The system does not store magnetic stripe, validation code (CAV2, CID, CVC2, CVV2) or PIN block data.
• Multiple security levels for user ID/password access to applications with logging of all access to encrypted transaction details. Secure remote access is supported using the same rules.
• No unencrypted card information is transmitted over a wireless network or stored on any application server connected to the internet.
• Encryption keys are defined by the merchant and incorporated into the application. Encryption keys are not accessible to MI9 personnel at the source code level.

In Scope Credit Authorization
MI9 Store forwards card information to a credit switch or merchant processor for authorization. The encrypted card data is only decrypted by the store application in memory just prior to forwarding the data. The system assumes that data will be routed using a secure dial-up connection, web-based connection, or privately held leased line. Once the authorization is returned to the store application, it is re-encrypted in memory upon receipt and forwarded to the POS terminal in encrypted form to complete the tendering and storage process.
Note: MI9 uses Communication Horizons LLC NetLib Encryption software to support encryption. Communication Horizons has over 20 years' experience developing security software and is a leading provider of data encryption technology. Their NetLib Encryption software offers a cost-effective, scalable and easy to deploy solution for our retail customers. For more information concerning Communication Horizons NetLib Encryption software, visit www.netlib.com.

MI9 Store PA DSS – Out of Scope Solution
To minimize risk and reduce internal efforts related to PCI DSS compliance, some retailers have opted to use a third-party service provider to interact with and store credit card data.
MI9 has teamed with Shift4 Corporation to provide a PA DSS compliant out of scope payment solution using Shift4’s DOLLARS ON THE NET® payment gateway. This solution takes over management of the POS credit/debit PIN entry terminal, replacing the standard MI9 Store interface to the card entry device. The Shift4 application manages entry of credit card data, interacts with the POS application to support integrated tender processing, and manages credit authorizations using its secure, resilient network and merchant gateway system, thereby completely bypassing the POS application.
The Shift4 application interacts with the POS application using a ‘token’ in place of the card number to support POS tender processing and transaction detail capture. The token is used to access actual card information when needed from the Shift4 system. For more information concerning Shift4 applications, visit their website at www.shift4.com. For more information about MI9 Store, email sales@mi9retail.com or complete the online information form.