Pci-compliance

An American Banker article discusses the Payment Card Industry's July 1st compliance deadline, highlighting concerns about retailer readiness. Payments consultant Paul Martaus estimates that around 20% of retailers will likely remain non-compliant by the deadline. This non-compliance is partly due to many retailers using outdated terminals incapable of supporting PCI-compliant applications.

Desktop applications are struggling to meet increasingly strict PCI DSS regulations for credit card payments, leading to compliance challenges. Two solutions are presented: rewriting the entire application for PCI compliance, which is costly and ongoing, or outsourcing the payment processing to a PCI-compliant vendor via an embedded secure webpage. The latter option simplifies compliance by reducing PCI scope and utilizes tokenization for secure and efficient future transactions within the desktop application.

PCI, or Payment Card Industry Security Standards Council, was formed by major credit card companies to protect cardholder data through the Payment Card Industry Data Security Standard. This standard mandates annual compliance reviews for organizations processing credit card transactions, with the type of review depending on transaction volume. Merchants can reduce their PCI compliance burden by accepting eChecks, using tokenization, or utilizing their provider's secure web payment page.

Securely hosted payment pages are offered by payment processors to simplify online payments for merchants, but features vary across providers. Key considerations when choosing a payment page include PCI compliance, customization options for branding and data fields, supported payment methods like eChecks, and the availability of both single and recurring payment options. Merchants should prioritize ease of use and ensure these secure pages are included without additional fees.

Software developers with applications processing credit cards face PCI compliance, with options being costly audits or application redesign. A simpler, cheaper approach is to remove credit card storage by using tokenization: replacing card numbers with secure tokens from a payment processor. By storing tokens instead of credit card numbers, applications can achieve PCI compliance without extensive audits and maintain rebilling functionality.