Easier Ways to Accept Payments
Using the latest payment technology makes your transactions quicker, easier, and more secure.
S300 Integrated Retail PINpad
NCR Silver Quantum
All-in-One Commerce Station
Security You Can Depend On
As a member of the MainStream family, you’ll receive Breach Protection Insurance, which helps safeguard against the significant effects of a data breach. If your business were to undergo a breach, you could be liable for the following expenses:
- A forensic audit when a breach is suspected
- Card replacement costs (and related expenses)
- Assessments and fines levied by card sponsors for data breaches
- Fraudulent charges on the compromised cards
MainStream’s PCI compliance program helps protect your business against network breaches, physical loss, and even employee theft. It also includes protection from data breaches due to network hacking, card skimming, key logging devices, and physical losses resulting from employee dishonesty or third-party theft of computer or paper records.
All Acquirers are responsible for ensuring that all of their merchants comply with the PCI Data Security Standard (DSS) requirements, therefore, all processors are required by the card brands to implement a PCI compliance program.
We’ve partnered with Aperia based on the fact that they provide the best value for our merchants and provide full support in helping you in the compliance process.
Aperia Solutions has led PCI compliance efforts on behalf of millions of merchants, providing self service tools and help desk support to heighten compliance levels with a minimum of cost and interruption.
We have partnered with Aperia to provide your business with a comprehensive set of PCI compliance tools and the support necessary to validate your business’s PCI compliance.
For more information visit: https://www.aperiasolutions.com/Compliance/Pci
Clear Payments has one of the latest cut-offs for next day funding (11 p.m. EST). If a card is charged at 10:59 p.m. EST, your money is available next-day, guaranteed.
Chips embedded in cards contain encrypted data, which is accessed by the reader in the terminal. The terminal sends a code, or “crytogram,” to the processor during the transaction, validating the card and the cardholder. EMV cards can be either “contact” requiring insertion into the terminals, “contactless” where is card is held near the terminal, or hybrid.
Today’s smartphones come equipped with a Near Field Communication (NFC) antenna to enable consumers to make secure purchases via mobile wallets instead of spending time searching their purses or wallets for the correct credit cards to use. To make a purchase, the customer simply holds their smartphone near the NFC-enabled credit card machine to complete the transaction with their default credit card stored within their mobile wallet.
For both you and your customers, the security features of mobile wallets are enhanced by replacing the actual card number with a device account number so the cardholder’s name, credit card number, and card security code are not seen, which adds an extra layer of privacy.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure all companies that process, store, or transmit credit card information maintain a secure environment and prevent credit card fraud. Essentially any merchant that has a merchant ID (MID) is required to meet PCI compliance requirements.
PCI applies to all organizations or merchants, regardless of size or number of transactions, that accept, transmit, or store any cardholder data.
Merchants that don’t comply with PCI DSS may be subject to fines, card replacement costs, pricey forensic audits, brand damage, etc., should a breach event occur. Many acquiring banks issue fines for merchants who don’t comply with PCI. The small upfront effort and cost to comply with PCI significantly reduce your risk from facing costly consequences.
The individual card brands are requiring that the Merchant Banks/Processors implement individual compliance programs to educate merchants on compliance and ensure that they meet PCI compliance requirements. They’ve required that all Merchant Banks/Processors have a plan in place to ensure that all of their merchants obtain and maintain compliance with the standard.
The payment brands may fine an acquiring bank anywhere from $5,000 to $100,000 per month, at their discretion, for PCI compliance violations. The card brands will most likely pass this fine on to the Merchant Acquirer until it eventually hits the market.
The time it takes to achieve compliance is dependent upon how you process credit card data. If a vulnerability scan is not required, achieving compliance can be completed in a short amount of time.
Merely using a third-party company does not exclude a company from PCI compliance. It may cut down on your risk exposure and consequently reduce the effort to validate compliance. However, it does not mean you are exempt from PCI. All merchants are required to complete the SAQ annually at a minimum.
It also addresses internal security practices and procedures behind handling credit card data. One of the leading causes of data breaches is due to employee error or carelessness when handling sensitive information – this is why proper policies should be in place and a formal Security Awareness Training should be conducted.
Your business must protect cardholder data when you receive it, and process charge backs and refunds. You must also ensure that providers’ applications and card payment terminals comply with respective PCI standards and do not store sensitive cardholder data.
You should request a certificate of compliance annually from providers.
Utilizing a compliant payment application is a best practice towards achieving compliance, but PCI compliance also covers data security, physical security and network security.
It is extremely difficult to complete the standard PCI Self Assessment Questionnaire without assistance – it was written in a very technical language. We have partnered with Aperia to assist you in the compliance process and offer support as you are completing the SAQ.
Many of the questions in the SAQ require that you have a written Security Policy and a formal Security Awareness Training in place. Without a resource to assist in building the required Security Policy and conduct the formal training, this would be a very time consuming and costly task to complete.
Yes. All businesses that store, process or transmit payment cardholder data must be PCI Compliant.
A network security scan involves an automated tool that checks your systems for vulnerabilities. The tool will conduct a non-intrusive scan to remotely review networks and Web applications based on the external-facing Internet protocol (IP) addresses. The scan will identify vulnerabilities in operating systems, services, and devices that could be used by hackers to target the company’s private network.
As provided by an Approved Scanning Vendor (ASV’s) such as Aperia, the tool will not require you to install any software on your systems, and no denial-of-service attacks will be performed.
Note, typically only merchants with external facing IP address are required to have passing quarterly scans to validate PCI compliance.
If you electronically store cardholder data post authorization, or if your processing systems have any internet connectivity, a quarterly scan by a PCI SSC Approved Scanning Vendor (ASV) is required.
Every 90 days/once per quarter you’re required to submit a passing scan. Merchants and service providers should submit compliance documentation (successful scan reports) according to the timetable determined by their acquirer. Scans must be conducted by a PCI SSC Approved Scanning Vendor (ASV). Aperia is a PCI Approved Scanning Vendor.
Call Aperia and they’ll help you understand the vulnerabilities found on your scan report, if any. They’ll make recommendations on how to correct any problem areas, and arrange additional scans if needed.
- Simply call Aperia toll-free between the hours of 9:00AM EST- 7:00PM EST, Monday-Friday, at 844.216.2241 or visit pciapply.com to access their merchant portal using the following credentials:
- User Name: 14-digit Merchant ID Number, i.e., 848700166XXXXX or 848700189XXXXX
- Password: Last (5) digits of the MID plus the merchant’s UPPERCASE State abbreviation, i.e., XXXXXGA
Yes, home users are arguably the most vulnerable simply because they’re usually not well protected.
Adopting a ‘path of least resistance’ model, intruders often zero-in on home users – exploiting their ‘always on’ broadband connections and typical home use programs such as chat, Internet games and P2P file-sharing programs.
Aperia’s scanning service allows home users and network administrators alike to identify and fix any security vulnerabilities on their desktop or laptop computers.