In today’s CardFlash News Que: FIRST ANNAPOLIS (Schwarcz); SHIFT4 (TrueTokenization); COALFIRE (InstaMed); and TASKER (Flint Mobile).
Payment Card Industry (PCI) Payment Application and Qualified Security Assessor (PA-QSA) specialist Coalfire Systems and InstaMed, a Healthcare Payments Network, have issued a white paper on payment card security for the healthcare industry.
TrustCommerce Point-to-Point Encryption (P2PE) payment solutions announced it is one of the first to achieve PCI DSS 3.0 validation. A Level 1 Service Provider, TrustCommerce deployed PCI DSS version 3.0 as the third major update to the PCI DSS. Reporting guidelines were made available in February 2014; however, existing PCI DSS 2.0 compliant vendors have until January 1, 2015 to move to the new standard. The changes continue to raise the level of best practices that govern the industry. The PCI DSS provides technical and operational requirements, standards, and guidelines for all entities that process, store, or transmit cardholder data, including issuers, providers, acquirers, merchants, and service providers. PCI DSS version 3.0 is intended to place even more emphasis on payment data security.
Coalfire Systems PCI Payment Application and Qualified Security Assessor (PA-QSA) company announced healthcare providers will reduce the scope of PCI compliance requirements with InstaMed, the leading Healthcare Payments Network. InstaMed’s Payment Card Encryption, integrated with MagTek®’s MagneSafe Security Architecture and secure payment card devices, enables providers to significantly reduce and nearly eliminate their risk of a data breach.
403 Labs, LLC, a leading information security consulting and services company, has been certified as a Qualified Security Assessor for Point-to-Point Encryption (QSA (P2PE)) and Payment Application Qualified Security Assessor for Point-to-Point Encryption (PA-QSA (P2PE)) by the Payment Card Industry Security Standards Council (PCI SSC). Brookfield, WI (PRWEB) June 04, 2012 403 Labs, LLC, a…
The PA DSS assessment consists of eleven (11) requirements along with two (2) important appendix sections, one that describes the requirements for an “Implementation Guide” and the other detailing the laboratory instructions for testing and validating an actual live environment of the application itself. There are also numerous sub-requirements within each of the eleven (11) core requirements that must be validated by a PA-QSA, a fully licensed and accredited individual allowed to perform PA DSS assessments.
SecurityMetrics’ new TIN Matching Service helps payment processing entities recover and match merchant tax identification numbers (TIN) and legal business names to streamline the matching process for a subset of SunTrust Merchant Service merchant clients that have not yet validated with Internal Revenue Service (IRS) records. SunTrust Merchant Services selected SecurityMetrics’ “TIN Matching Service” to streamline the matching process for a majority of its merchants. In accordance with new U.S. Government regulations originating from the Housing and Economic Recovery Act of 2008, payment settlement entities will be required to withhold 28 percent of daily gross merchant payment card transactions if a merchant fails to validate their TIN with their reporting entity. At present, many merchant TIN numbers remain unvalidated with banks, and unreported to the IRS.
SecurityMetrics “TIN Matching Service” is now available to help payment processing entities recover and match merchant tax identification numbers (TIN) and legal business names to streamline the matching process for a subset of SunTrust Merchant Service merchant clients that have not yet validated with Internal Revenue Service (IRS) records. With this, SunTrust Merchant Services announced it has selected the SecurityMetrics “TIN Matching Service” to streamline the matching process for a majority of its merchants. SecurityMetrics allows merchants to validate their TIN and business data in minutes by going online to the SecurityMetrics website or by calling SecurityMetrics’ call center.
Merchant Link “TransactionShield” and “TransactionVault” solutions can significantly reduce merchants’ PCI DSS scope, according to an independent security assessment released by Coalfire Systems. The Payment Card Industry (PCI) Qualified Security Assessor (QSA) and Payment Application Qualified Security Assessor (PA-QSA) company validated Merchant Link’s “TransactionShield” point-to-point encryption (P2PE) solution, which ensures that customer data is secure from the moment the credit card is swiped and moves customer credit card data from where it would be at risk from hackers to Merchant Link’s hosted vault. TransactionVault can eliminate post-authorization storage of cardholder data from a merchant’s network by storing it in Merchant Link’s PCI DSS compliant data centers.
Coalfire Systems PCI Qualified Security Assessors have validated that Heartland Payment Systems’ “E3” end-to-end encryption magnetic stripe reader wedge, made commercially available in November, eliminates the scope of the Payment Application Data Security Standard (PA-DSS) for POS developers. The “E3” reader prevents plaintext data from being available to the payment application, which removes the payment application from PA-DSS scope, and it encrypts sensitive cardholder data in a tamper-resistant security module to offer a variety of security options to merchants using computer-based POS systems. To fully eliminate PA-DSS scope, Coalfire specifies provisions including that no encrypted data can be stored locally; no other payment systems can be supported; and that merchants cannot possess or have access to decryption keys in their retail or corporate environments. Coalfire also determined that the “E3” wedge solution can provide significant risk mitigation of data compromise and is one of the most effective data security controls available to merchants; that its use of Format Preserving Encryption (FPE) meets encryption best practices and standards for cryptographic algorithms and key strength and meets industry standards and VISA best practice guidance; and that its use of Identity-Based Encryption key management processes removes most of the key management challenges for the merchant that have been found in many other end point encryption solutions.
The ACI Worldwide solution that provides a managed, hosted version of “ACI Retail Commerce Server” has been drawing new retail customers amidst the challenging economic environment. “ACI On Demand” offers new and existing customers payment processing software, yet off-loads the cost of hardware and operating system expenses.
During 2008, 30% of ACI’s merchant retail customers in the Americas either renewed or extended their licenses. In addition to these product renewals and extensions, ACI added four new customers last year. The electronic payment systems software provider is expected to release fourth quarter data in February. The Company reported revenue of $108.6 million in the third quarter, a 28% gain over the prior-year period. Net income for the quarter was $1.7 million compared to a net loss of $1.3 million during 3Q/07. At the end of the third quarter, there was an estimated 60-month backlog of $1.4 billion compared to $1.3 billion one year ago. ACI continues to expect full year 2008 sales between $430 million and $440 million. For complete details on ACI’s latest performance visit CardData (www.carddata.com).
VeriFone Holdings has launched a program to secure the implementation of the PCI SSC Payment Application Data Security Standard. The program establishes a comprehensive PA-DSS compliance policy aimed at ensuring protection of cardholder information across virtually all merchant environments and all types of card acceptance devices. PA-DSS is intended to ensure secure payment applications do not store prohibited data, such as full magnetic stripe, CVV2, PIN or other sensitive data, and are compliant with the PCI DSS. VeriFone expects rapid availability of its terminal-based payment applications to meet all needs of acquirers and merchants in complying fully with the PA-DSS mandate.