RetailWins - Retail Pro – Why PCI DSS Compliance?

Retail Pro – Why PCI DSS Compliance?

Is Your Customer's Payment

Information Secure ?

Retail Pro® International, a Point of Sale and Inventory Software is PCI DSS
(Payment Card Industry Data Security Standards) which helps
provide optimum security for Merchants and their Customers.

What is PCI DSS ?

The beginning of the twenty-first century has seen such a sharp rise in consumer payment information fraud the need to have a standard for proactive protection was all but inevitable – Enter the Payment Card Industry (PCI) Data Security Standards (DSS).

The PCI DSS are technical and operational requirements established by the PCI Security Standards Council (PCI SSC) which apply to all payment card network members, merchants and service providers that store, process or transmit cardholder data with specific guidance for software developers and manufacturers of applications and devices used in payment card transactions. The PCI DSS affects all payment channels, including retail (brick-and-mortar), mail/telephone order and e-commerce.

The Council is responsible for managing the security standards, while compliance* with the PCI set of standards is enforced by the founding members of the Council; American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Participating organizations include merchants, payment card issuing banks, processors, developers and other vendors. Compliance with the PCI DSS helps these organizations alleviate some of the vulnerabilities they face, protect cardholder data, and ensure consistent data security measures on a global basis.

Why is PCI DSS important ?

Often a merchant will make the claim they do not need to be PCI compliant because “they know their system is secure”. It is these scenarios that substantiate the need for a set of guidelines that a merchant can follow to ensure their business does maintain effective measures to protect credit card information from being breached within their network. Failure to do so can have a very severe impact on a merchant’s business, ranging from heavy financial impact and fines to negative public press, impact on their customers and their card information.

The protection of credit card information extends far beyond just ‘knowing’ your systems are secure. There are many facets to system security that will affect a merchant’s potential for a breach that extends above and beyond their Point of Sale system. Basic operational functions such as email and Internet access can result in the Internet-accessibility of a company’s network. These seemingly insignificant paths to and from the Internet can provide unprotected pathways into a merchant’s system and can potentially expose credit card information and cardholder data if not properly monitored and controlled.

Myths & Facts

of PCI DSS

Myth: PCI DSS is not applicable to me

Fact: It is mandatory for every entity that processes, stores or transmits payment card data to comply with the PCI DSS standard. However, this does not mean that the entity needs a PCI DSS certification. The entity can become compliant either through its own mechanisms, or with the help of external parties. Even if an entity does just one swipe in a year, it is mandatory for it to comply with the PCI DSS standard.

Myth: Getting PCI DSS compliant is very capital-intensive

Fact: PCI DSS is one of the most technically-intensive standards. There is no scope for anyone to change the written-down standard, and it has to be followed to the dots and commas. There are several strict requirements such as encryption and application security in PCI DSS certification. This technicality and lack of flexibility often frightens people. They get worried about questions like 'Are we capable of doing it?' and 'Will we need to incur much cost in order to comply?' Resources and capital expenditure become concerns for the company, but these issues can be sorted out with the help of a QSA. The company does not need to spend heavily on controls to get compliant because, technology-wise, there are several open and free solutions available in the market which can be used under the guidance of a QSA.

How can we help you with PCI DSS ?

RetailWins is a division of M/S. Navviti Consulting and Technologies Private Limited, a company constantly striving to provide ‘Customer Delight’ is managed by a group of professionals with a combined experience of over 100 years in Information Technology and Retail Industries.

Our services are focused towards providing Business, Process and Technology Consulting for Retailers across formats in a tangible way modeled around sophisticated Tools and Technology.

As a part of our technology solution basket, we are proud to share that we are leading business partners in Asia for Retail Pro, a product developed by Retail Pro LLC.

Retail Pro is used by 54,000+ Retailers across 127+ Countries and used in 18+ Languages and has a strong 90+-business partner network globally.

PCI Compliance is a continuous process. Retail Pro International, a Point of Sale and Inventory Control software developer has taken great measures to ensure all Retail Pro users have available to them a POS application which protects their payment information and aides in the process of maintaining PCI compliance.