Cardholder Information Security Program in Counterpoint
Usage Rights

CC Attribution License


Cardholder Information Security Program

In June 2001, Visa initiated the Cardholder Information Security Program (CISP) to define and promote credit card security standards that reduce the risks and costs associated with credit card fraud. In December 2004, Visa, in collaboration with MasterCard and with the endorsement of Discover and American Express, published version 1.0 of the Payment Card Industry (PCI) Data Security Standard, which outlines a set of guidelines that merchants must follow in order to be considered PCI-DSS compliant. These guidelines stipulate, among other requirements, that credit card numbers must be masked on printed receipts and that full card numbers may not be retained on non-secured computer systems.

PCI-DSS compliance is essential to ensure that sensitive credit card information is secure and that you are protected from any liability that could arise from the fraudulent use of cardholder data obtained from your computer systems.

In April 2006, Visa certified CounterPoint SQL to be compliant with CISP and Payment Application Best Practices (PABP) standards. CounterPoint SQL is listed on Visa’s website (www.visa.com/cisp) as a Validated Payment Application. The CounterPoint SQL online help includes topics to guide merchants in setting up fully PCI-DSS compliant systems, including advice for adhering to requirements that are not related to CounterPoint.

CPGateway also meets all PCI-DSS compliance standards. Radiant is named on Visa’s website (www.visa.com/cisp) as a PCI DSS-Compliant Service Provider for CPGateway.

Configuring CounterPoint SQL properly is only part of an overall PCI-DSS compliance strategy. Attaining PCI-DSS compliance requires you to evaluate your business practices to make certain that you have the appropriate policies in place and that your staff is vigilant to the risks of credit card fraud.

To ensure that you are following all published guidelines regarding PCI-DSS compliance, download and review the PCI Data Security Standard from www.visa.com/cisp. If you are not taking the necessary steps to adhere to the requirements outlined in the PCI Data Security Standard, your business is open to dangerous and potentially expensive liability.

While Radiant can assist you and your CounterPoint Business Partner in configuring CounterPoint SQL to be PCI-DSS compliant, we cannot function as an independent auditor or advisor regarding your general CISP compliance. Refer to www.counterpointpos.com/cisp for additional information about PCI-DSS compliance.
CounterPoint PA-DSS Compliance

When your customer pays you with a credit card (in-store, online, or by phone), you collect cardholder information. You need to protect that information.

The card brands, including Visa, MasterCard, American Express and others, enforce strict guidelines based on the Payment Card Industry Data Security Standards (PCI-DSS) for any system that processes, stores or transmits credit card data. This is just one component of the 12 requirements that PCI administers to ensure that cardholder information is secure and protected against theft.

As a merchant who accepts credit cards, you are responsible for adequately securing your customers' cardholder information wherever it resides: on your computers, in a drawer, or in a filing cabinet. If you fail to do so, Visa, the other card brands and your bank, under the terms of your Merchant Processing Agreement, can hold you accountable for fines, and for any losses they suffer from the fraudulent use of cardholder data obtained from your business.

Although it is just one part of the overall PCI requirements, if your system is not PA-DSS validated, your business is at extreme financial risk. Get, and keep, your CounterPoint system PA-DSS compliant with the CounterPoint Subscription Service.

PCI-Compliant Software and Services

In today's world of heightened security concerns, NCR is committed to providing you with solutions that protect your customers' information. All of our latest software versions go through an extensive audit process to ensure that they are validated with the Payment Application Data Security Standards (PA-DSS).

NCR Counterpoint V7 and NCR Counterpoint are approved by Visa as PA-DSS Validated Payment Applications. In addition, NCR Counterpoint Gateway and NCR Counterpoint Online are approved by the PCI Security Standards Council (PCI-SSC) as PCI-Compliant Service Providers.

As PA-DSS-Validated Payment Applications, NCR Counterpoint V7 and NCR Counterpoint adhere to all PA-DSS requirements through the security features below:

  • Password security settings support PCI-compliant password policies.
  • All passwords and credit card numbers are encrypted.
  • Full credit card numbers are not displayed or printed; all card numbers are masked to display only the first 6 and the last 4 digits.
  • Magnetic stripe track data is not retained in the CounterPoint database.
  • CVV2/CVC2/CID data (i.e., verification numbers printed on each card) is not retained.
  • Retention of full credit card numbers in history is optional; full card numbers retained in history are encrypted.
Keeping Your Software Compliant

PA-DSS requirements will continue to change. To meet the PCI-SSC’s current and future PA-DSS requirements, you must keep your CounterPoint software up to date.

CounterPoint Subscription Service (CSS) will keep your CounterPoint system compliant with the PCI-SSC’s ever-changing requirements. With CSS, you automatically receive new CounterPoint features and enhancements as they are added to the software. If your CSS is expired, you can renew online today.

Learn More

Additional information can be found on the following websites:

  • Payment Application Data Security Standard
  • PCI Security Standards
  • Visa (Risk Management)