Biztracker PCI Compliance

Q & A about PCI compliance

What is PCI Compliance?
It is a set of mandatory rules and requirements set up by the Payment Card Industry (Visa, MasterCard, AMEX, etc.) to ensure that ALL companies that process and transmit credit card information maintain a secure environment.

To whom does PCI apply?
PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accept, transmit or store any cardholder data. Said another way, if any customer ever pays the merchant directly using a credit card or debit card, then the PCI requirements apply.

What are the PCI compliance deadlines? 
All merchants should be compliant now. The absolute deadline is June 30, 2010.

Is Biztracker Software PCI Compliant?
Absolutely. Both of our software programs, Biztracker Infinity (Version 4.0 and above) and Biztracker Retailer (Version 10.0 and above), are PCI Compliant. Being PCI Compliant relieves you of the liability of noncompliance. If you are processing credit card transactions through Biztracker POS and are not on one of the versions listed above, you need to upgrade to one of those versions.

What if I am using PC Charge Software with Biztracker?
As long as you are using a PCI Compliant version of Biztracker, you will need to upgrade to the current version of PC Charge before June 30, 2010. You will need to upgrade PC Charge from time to time to stay compliant.

What if I am using Mercury Payment Systems for Processing with Biztracker?
As long as you are using a PCI Compliant version of Biztracker, you will not have to do anything.

What about hardware devices and PCI Compliance?
All PIN pads must meet the PCI requirements. If you are using Biztracker Retailer or Infinity POS with Mercury Payment Systems, you must use a VeriFone 1000se PIN pad. If you are using Biztracker Infinity with VeriFone's PayWare PC, you may use the VeriFone 1000se or the VeriFone MX850 PIN pads. If you are not using one of these devices, you must upgrade to one of them before June 30, 2010.

Are debit card transactions in scope for PCI?
Yes. PCI covers all cards, including any debit, credit, and pre-paid cards branded with one of the five card association/brand logos: American Express, Discover, JCB, MasterCard, and Visa International.

What if a merchant refuses to cooperate?
PCI is not, in itself, a law. The standard was created by the major card brands such as Visa, MasterCard, Discover, AMEX, and JCB. At their acquirers'/service providers' discretion, merchants that do not comply with PCI DSS may be subject to fines, card replacement costs, costly forensic audits, brand damage, etc., should a breach event occur. For a little upfront effort and cost to comply with PCI, you greatly reduce your risk of facing these extremely unpleasant and costly consequences.

What are the penalties for noncompliance?
The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine downstream until it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can be catastrophic to a small business. It is important to be familiar with your merchant account agreement, which should outline your exposure.

Do states have laws that require data breach notifications to the affected parties?
Absolutely. California was the catalyst for reporting data breaches to affected parties. The state implemented its breach notification law in 2003, and there are now over 38 states that have similar laws in place. See for more detail on state laws.

If I'm running a business from my home, am I a serious target for hackers?
Yes. Home users are arguably the most vulnerable simply because they are usually not well protected. Adopting a 'path of least resistance' model, intruders will often zero in on home users, often exploiting their 'always on' broadband connections and typical home-use programs such as chat, Internet games and P2P file sharing applications. ControlScan's scanning service allows home users and network administrators alike to identify and fix any security vulnerabilities on their desktop or laptop computers.

Please contact us if you have any questions about PCI Compliance and your business.