The General Manager of SafeCharge Israel talks about the new payment regulation challenges faced by online merchants
On the 1st of June 2015, the new PCI (Payment Card Industry) 3.0 standard became mandatory and all merchants are expected to move to the new standard.
All online merchants who process, transmit or store customer credit cards need to comply with the Payment Card Industry Data Security Standard (PCI DSS, or as its more commonly known PCI Compliance), which is a complex and demanding set of requirements for payment data protection.
For online merchants who manage their own PCI compliance, this can be time consuming and risky, as holding customers’ credit card details on file makes them more vulnerable to malicious hackers. If PCI compliance is outsourced, there are no credit card details on its system as all the card data is processed and stored by a third-party provider, so minimising the liability of their compliance responsibilities.
Outsourcing reduces or eliminates PCI scope, and minimising scope is the simplest way for a merchant to achieve PCI compliance. An outsourced provider should be properly certified, and use the latest technology. All of the merchant’s IT infrastructure should be taken out of PCI scope, as any part of the merchant’s IT system which processes, stores or transmits cardholder data comes under PCI regulations.
One of the methods in which an outsource provider can remove a merchant from PCI scope is tokenisation, whereby a customer’s card details (the primary account number – PAN) are replaced by a token that has no exploitable meaning or value, and takes the place of the card details. With tokenisation, if a hacker were to gain entry to the merchant’s system all he/she would get would be the token, which will be of no use as the hacker has no means of de-tokenisation.
Most of the changes introduced with PCI 3.0 are clarifications and tweaks to existing requirements. The Regulation refinements cover everything from the definition of scope and methods of documentation to new ways of preventing fraud at the point of sale. For merchants who do not outsource their PCI requirements, they will find an ever-increasing amount of their technology systems come under the scope of version 3.0.
It’s not only workstations that handle the credit card data that is included in the scope, it’s now more defined in the regulations that any potentially vulnerable server or workstation that touches the merchant’s network has to be PCI DSS compliant. This extension of the scope has been brought about as a hacker could get into a network by a lesser protected workstation and subsequently gain access to a merchant’s customer data on the supposedly more secure parts of the network.
When deciding on what route to take to be PCI 3.0 compliant, merchants need to consider the following changes to the standards that are now required:
A firewall configuration needs to be installed and maintained to protect cardholder data
Vendor supplied defaults should not be used for system passwords and other security parameters
Stored cardholder data needs to be protected
Encrypt transmission of cardholder data across open public networks
All systems need to be protected against malware
Anti-virus software needs to be regularly updated
Develop and maintain secure systems and applications
Restrict access to cardholder data by “need to know”
Identify and authenticate access to systems components
Restrict physical access to cardholder data
Track and monitor all access to network resources and cardholder data
Regularly test security systems and processes
Maintain a policy that looks at information security for all staff
Finally, something that is out of a merchant’s control, but ironically still part of the merchant’s liability, is that all third parties handling customer credit card data on behalf of a merchant will be included in the new scope. So outsource to payment providers that have a solid list of clients utilising their descoping solution and that perform continuous maintenance checks in adherence with all PCI standards and updates.
This article is part of the FinanceMagnates Community project. If you wish to become a guest contributor, pleaseapply here.
On the 1st of June 2015, the new PCI (Payment Card Industry) 3.0 standard became mandatory and all merchants are expected to move to the new standard.
All online merchants who process, transmit or store customer credit cards need to comply with the Payment Card Industry Data Security Standard (PCI DSS, or as its more commonly known PCI Compliance), which is a complex and demanding set of requirements for payment data protection.
For online merchants who manage their own PCI compliance, this can be time consuming and risky, as holding customers’ credit card details on file makes them more vulnerable to malicious hackers. If PCI compliance is outsourced, there are no credit card details on its system as all the card data is processed and stored by a third-party provider, so minimising the liability of their compliance responsibilities.
Outsourcing reduces or eliminates PCI scope, and minimising scope is the simplest way for a merchant to achieve PCI compliance. An outsourced provider should be properly certified, and use the latest technology. All of the merchant’s IT infrastructure should be taken out of PCI scope, as any part of the merchant’s IT system which processes, stores or transmits cardholder data comes under PCI regulations.
One of the methods in which an outsource provider can remove a merchant from PCI scope is tokenisation, whereby a customer’s card details (the primary account number – PAN) are replaced by a token that has no exploitable meaning or value, and takes the place of the card details. With tokenisation, if a hacker were to gain entry to the merchant’s system all he/she would get would be the token, which will be of no use as the hacker has no means of de-tokenisation.
Most of the changes introduced with PCI 3.0 are clarifications and tweaks to existing requirements. The Regulation refinements cover everything from the definition of scope and methods of documentation to new ways of preventing fraud at the point of sale. For merchants who do not outsource their PCI requirements, they will find an ever-increasing amount of their technology systems come under the scope of version 3.0.
It’s not only workstations that handle the credit card data that is included in the scope, it’s now more defined in the regulations that any potentially vulnerable server or workstation that touches the merchant’s network has to be PCI DSS compliant. This extension of the scope has been brought about as a hacker could get into a network by a lesser protected workstation and subsequently gain access to a merchant’s customer data on the supposedly more secure parts of the network.
When deciding on what route to take to be PCI 3.0 compliant, merchants need to consider the following changes to the standards that are now required:
A firewall configuration needs to be installed and maintained to protect cardholder data
Vendor supplied defaults should not be used for system passwords and other security parameters
Stored cardholder data needs to be protected
Encrypt transmission of cardholder data across open public networks
All systems need to be protected against malware
Anti-virus software needs to be regularly updated
Develop and maintain secure systems and applications
Restrict access to cardholder data by “need to know”
Identify and authenticate access to systems components
Restrict physical access to cardholder data
Track and monitor all access to network resources and cardholder data
Regularly test security systems and processes
Maintain a policy that looks at information security for all staff
Finally, something that is out of a merchant’s control, but ironically still part of the merchant’s liability, is that all third parties handling customer credit card data on behalf of a merchant will be included in the new scope. So outsource to payment providers that have a solid list of clients utilising their descoping solution and that perform continuous maintenance checks in adherence with all PCI standards and updates.
This article is part of the FinanceMagnates Community project. If you wish to become a guest contributor, pleaseapply here.
easyMarkets Renews Real Madrid C.F Partnership Following FSCA Approval
Executive Interview with Elina Pedersen | Your Bourse | FMLS:24
Executive Interview with Elina Pedersen | Your Bourse | FMLS:24
Executive Interview with Elina Pedersen, Chief Revenue Officer at Your Bourse at the Finance Magnates London Summit 2024
#fmls #fmls24 #fmevents #RetailTrading #FintechInnovation #nvidia #DigitalAssets #GlobalFinance #globalbanking
📣 Stay updated with the latest in finance and trading!
Follow FMevents across our social media platforms for news, insights, and event updates.
Connect with us today:
🔗 LinkedIn: https://www.linkedin.com/showcase/financemagnates-events/
👍 Facebook: https://www.facebook.com/FinanceMagnatesEvents
📸 Instagram: https://www.instagram.com/fmevents_official
🐦 Twitter: https://twitter.com/F_M_events
🎥 TikTok: https://www.tiktok.com/@fmevents_official
▶️ YouTube: https://www.youtube.com/@FinanceMagnates_official
Don't miss out on our latest videos, interviews, and event coverage.
Subscribe to our YouTube channel for more!
Executive Interview with Elina Pedersen, Chief Revenue Officer at Your Bourse at the Finance Magnates London Summit 2024
#fmls #fmls24 #fmevents #RetailTrading #FintechInnovation #nvidia #DigitalAssets #GlobalFinance #globalbanking
📣 Stay updated with the latest in finance and trading!
Follow FMevents across our social media platforms for news, insights, and event updates.
Connect with us today:
🔗 LinkedIn: https://www.linkedin.com/showcase/financemagnates-events/
👍 Facebook: https://www.facebook.com/FinanceMagnatesEvents
📸 Instagram: https://www.instagram.com/fmevents_official
🐦 Twitter: https://twitter.com/F_M_events
🎥 TikTok: https://www.tiktok.com/@fmevents_official
▶️ YouTube: https://www.youtube.com/@FinanceMagnates_official
Don't miss out on our latest videos, interviews, and event coverage.
Subscribe to our YouTube channel for more!
Executive Interview with Rauan Khassan | TradingView | FMLS:24
Executive Interview with Rauan Khassan | TradingView | FMLS:24
Executive Interview with Rauan Khassan from TradingView at the Finance Magnates London Summit 2024
#fmls #fmls24 #fmevents #RetailTrading #FintechInnovation #nvidia #DigitalAssets #GlobalFinance #globalbanking
📣 Stay updated with the latest in finance and trading!
Follow FMevents across our social media platforms for news, insights, and event updates.
Connect with us today:
🔗 LinkedIn: https://www.linkedin.com/showcase/financemagnates-events/
👍 Facebook: https://www.facebook.com/FinanceMagnatesEvents
📸 Instagram: https://www.instagram.com/fmevents_official
🐦 Twitter: https://twitter.com/F_M_events
🎥 TikTok: https://www.tiktok.com/@fmevents_official
▶️ YouTube: https://www.youtube.com/@FinanceMagnates_official
Don't miss out on our latest videos, interviews, and event coverage.
Subscribe to our YouTube channel for more!
Executive Interview with Rauan Khassan from TradingView at the Finance Magnates London Summit 2024
#fmls #fmls24 #fmevents #RetailTrading #FintechInnovation #nvidia #DigitalAssets #GlobalFinance #globalbanking
📣 Stay updated with the latest in finance and trading!
Follow FMevents across our social media platforms for news, insights, and event updates.
Connect with us today:
🔗 LinkedIn: https://www.linkedin.com/showcase/financemagnates-events/
👍 Facebook: https://www.facebook.com/FinanceMagnatesEvents
📸 Instagram: https://www.instagram.com/fmevents_official
🐦 Twitter: https://twitter.com/F_M_events
🎥 TikTok: https://www.tiktok.com/@fmevents_official
▶️ YouTube: https://www.youtube.com/@FinanceMagnates_official
Don't miss out on our latest videos, interviews, and event coverage.
Subscribe to our YouTube channel for more!
Executive Interview with Nadia Edwards-Dashti | Harrington Star | FMLS:24
Executive Interview with Nadia Edwards-Dashti | Harrington Star | FMLS:24
Fintech Talent in the UK: The Human Factor Driving Industry Change 🌟
What does it take to attract, retain, and upskill the best fintech talent in today’s rapidly evolving UK market? In this engaging interview, Nadia Edwards-Dashti, Chief Customer Officer at Harrington Star, explores the future of talent recruitment, the rise of sales roles, and how AI is reshaping the industry—without replacing the human touch.
#fmls #fmls24 #fmevents #recruitment #financialcareers
📣 Stay updated with the latest in finance and trading!
Follow FMevents across our social media platforms for news, insights, and event updates.
Connect with us today:
🔗 LinkedIn: https://www.linkedin.com/showcase/financemagnates-events/
👍 Facebook: https://www.facebook.com/FinanceMagnatesEvents
📸 Instagram: https://www.instagram.com/fmevents_official
🐦 Twitter: https://twitter.com/F_M_events
🎥 TikTok: https://www.tiktok.com/@fmevents_official
▶️ YouTube: https://www.youtube.com/@FinanceMagnates_official
Don't miss out on our latest videos, interviews, and event coverage.
Subscribe to our YouTube channel for more!
Fintech Talent in the UK: The Human Factor Driving Industry Change 🌟
What does it take to attract, retain, and upskill the best fintech talent in today’s rapidly evolving UK market? In this engaging interview, Nadia Edwards-Dashti, Chief Customer Officer at Harrington Star, explores the future of talent recruitment, the rise of sales roles, and how AI is reshaping the industry—without replacing the human touch.
#fmls #fmls24 #fmevents #recruitment #financialcareers
📣 Stay updated with the latest in finance and trading!
Follow FMevents across our social media platforms for news, insights, and event updates.
Connect with us today:
🔗 LinkedIn: https://www.linkedin.com/showcase/financemagnates-events/
👍 Facebook: https://www.facebook.com/FinanceMagnatesEvents
📸 Instagram: https://www.instagram.com/fmevents_official
🐦 Twitter: https://twitter.com/F_M_events
🎥 TikTok: https://www.tiktok.com/@fmevents_official
▶️ YouTube: https://www.youtube.com/@FinanceMagnates_official
Don't miss out on our latest videos, interviews, and event coverage.
Subscribe to our YouTube channel for more!
Executive Interview with Roberto Politano | Finnovate Finance | FMLS:24
Executive Interview with Roberto Politano | Finnovate Finance | FMLS:24
Executive Interview with Roberto Politano from Finnovate Finance at the Finance Magnates London Summit 2024
#fmls #fmls24 #fmevents #RetailTrading #FintechInnovation
📣 Stay updated with the latest in finance and trading!
Follow FMevents across our social media platforms for news, insights, and event updates.
Connect with us today:
🔗 LinkedIn: https://www.linkedin.com/showcase/financemagnates-events/
👍 Facebook: https://www.facebook.com/FinanceMagnatesEvents
📸 Instagram: https://www.instagram.com/fmevents_official
🐦 Twitter: https://twitter.com/F_M_events
🎥 TikTok: https://www.tiktok.com/@fmevents_official
▶️ YouTube: https://www.youtube.com/@FinanceMagnates_official
Don't miss out on our latest videos, interviews, and event coverage.
Subscribe to our YouTube channel for more!
Executive Interview with Roberto Politano from Finnovate Finance at the Finance Magnates London Summit 2024
#fmls #fmls24 #fmevents #RetailTrading #FintechInnovation
📣 Stay updated with the latest in finance and trading!
Follow FMevents across our social media platforms for news, insights, and event updates.
Connect with us today:
🔗 LinkedIn: https://www.linkedin.com/showcase/financemagnates-events/
👍 Facebook: https://www.facebook.com/FinanceMagnatesEvents
📸 Instagram: https://www.instagram.com/fmevents_official
🐦 Twitter: https://twitter.com/F_M_events
🎥 TikTok: https://www.tiktok.com/@fmevents_official
▶️ YouTube: https://www.youtube.com/@FinanceMagnates_official
Don't miss out on our latest videos, interviews, and event coverage.
Subscribe to our YouTube channel for more!
#fmls #fmls24 #fmevents #cyptotrading #DigitalAssets #pepperstone
📣 Stay updated with the latest in finance and trading!
Follow FMevents across our social media platforms for news, insights, and event updates.
Connect with us today:
🔗 LinkedIn: https://www.linkedin.com/showcase/financemagnates-events/
👍 Facebook: https://www.facebook.com/FinanceMagnatesEvents
📸 Instagram: https://www.instagram.com/fmevents_official
🐦 Twitter: https://twitter.com/F_M_events
🎥 TikTok: https://www.tiktok.com/@fmevents_official
▶️ YouTube: https://www.youtube.com/@FinanceMagnates_official
Don't miss out on our latest videos, interviews, and event coverage.
Subscribe to our YouTube channel for more!
#fmls #fmls24 #fmevents #cyptotrading #DigitalAssets #pepperstone
📣 Stay updated with the latest in finance and trading!
Follow FMevents across our social media platforms for news, insights, and event updates.
Connect with us today:
🔗 LinkedIn: https://www.linkedin.com/showcase/financemagnates-events/
👍 Facebook: https://www.facebook.com/FinanceMagnatesEvents
📸 Instagram: https://www.instagram.com/fmevents_official
🐦 Twitter: https://twitter.com/F_M_events
🎥 TikTok: https://www.tiktok.com/@fmevents_official
▶️ YouTube: https://www.youtube.com/@FinanceMagnates_official
Don't miss out on our latest videos, interviews, and event coverage.
Subscribe to our YouTube channel for more!