As retail businesses adopt more omni-channel retailing methods such as e-commerce, m-commerce, social selling, and mobile payments, standard online and mobile payment frauds also pose a problem, exposing confidential information and credit card data of the customers. Hence, businesses and governments are under increased pressure to prioritize data security. To address such issues related to financial data theft and hacking, the Payment Card Industry Security Standards Council (PCI SSC) was formed on December 15, 2004, that released version 1.0 of the Payment Card Industry Data Security Standard (PCI DSS), a proprietary information security standard for organizations to increase controls around cardholder data.
PCI DSS represents a minimum set of control objectives which may be enhanced by local, regional and sector laws and regulations. Additionally, legislation or regulatory requirements may require specific protection of personally identifiable information or other data elements (for example, cardholder name), or define an entity’s disclosure practices related to consumer information. Examples include legislation related to consumer data protection, privacy, identity theft, or data security.
The Payment Application Data Security Standard (PA-DSS) is a subset of the PCI DSS. The PA-DSS applies to software vendors and others who develop payment applications that store, process, or transmit cardholder data as part of authorization or settlement, where these payment applications are sold, distributed, or licensed to third parties. In order to ensure that all sensitive cardholder authentication data is secure, PCI requires merchants, banks, and all other parties that use a third-party application for processing payments to select one that meets the PA-DSS standard.
The following chart details what is required to be PCI DSS compliant (and therefore what a payment application must support to facilitate a customer’s PCI DSS compliance).
The ETP Store Omni-channel POS solution is certified as PA-DSS v3.2 compliant by the PCI SSC. It means that retailers can now feel more secure with the ETP V5.5 POS solutions to provide a secure payment card-related transaction process for their end users.
Being PCI DSS compliant means that, ETP V5 software does not retain, block or store and securely delete any sensitive payment card validation data, provides secure authentication features and facilitates secure remote access to the payment application while maintaining a log of all payment application activity. The PA-DSS certification for ETP V5 Suite is especially significant for customers of ETP Store (POS) and ETP MobileStore (Mobile POS) solution, as ETP V5 is one of very few retail software solutions to be PA-DSS compliant on the market.
“Keeping our customers secure and successful is the number one priority for ETP. We continually push beyond the ordinary and develop omni-channel retail software solutions with secure payment applications that protect wireless transmissions, facilitate secure network implementation and remote software updates and encrypt sensitive cardholder data over public networks,” said Naresh Ahuja, Chairman & CEO, ETP Group. “PA-DSS accreditation is by no means a simple task. However, by accomplishing it, we make it easier for our customers around the world to apply for PCI PA-DSS certification, where the use of compliant software solutions is a key element of demonstrating their ability to protect sensitive card data.”
For more information on ETP V5.5 Omni-channel POS solutions, click here.