PCI Knowledgebase

CAP has put together the following knowledgebase of links and information to help keep retailers educated and up to date on the latest security issues and requirements for the Payment Card Industry.  It is imperative that you, the retailer, understand the implications of the latest data security standards as they apply to you and your business.  Merchants who take the time to understand PCI Standards give themselves better protection from potentially crippling fines and penalties that can result from security breaches.

CAP is dedicated to providing secure software products, but security can’t just be bought.  Security must include a set of practices and processes as well as a mindset that your business follows consistently in order to remain protected.  To that end, CAP is committed to being a part of the solution from a product and information standpoint.

Please take the time to review the links below and don’t hesitate to seek help from your Reseller or any of the resources listed here.  We want you and your customers to be safe at a time when there are more security risks than ever before.  Let CAP be a part of your ongoing security practices.

CAP Software PCI Certified Products:

  • SellWise Pro 8, SellWise Pro 7 & SellWise 2008
  • Cash ‘n Carry 2011, Cash ‘n Carry 2009 & Cash ‘n Carry 2008

List of PABP Validated Payment Applications:

http://usa.visa.com/download/merchants/validated_payment_applications.pdf

New PCI Guidelines for Managing Wireless and Bluetooth Devices in the POS Space:

https://www.pcisecuritystandards.org/pdfs/PCI_DSS_Wireless_Guideline_with_WiFi_and_Bluetooth_082211.pdf

The PCI security framework is governed by the PCI Security Standards Council.  Their website can be found here:

https://www.pcisecuritystandards.org/

The full PCI Data Security Standard for Retailers is what you need to understand, follow, and apply to your business to achieve compliance and security.  Download it here:

https://www.pcisecuritystandards.org/security_standards/documents.php?category=standards

This supporting documentation will help you understand and implement the DSS:

https://www.pcisecuritystandards.org/security_standards/documents.php?category=standards

The Self-Assessment Questionnaire is designed to help you review your business infrastructure and practices to determine your level of PCI compliance.  SAQ for Merchants:

https://www.pcisecuritystandards.org/merchants/self_assessment_form.php

The VISA Cardholder Information Security Program (CISP): VISA has been one of the primary drivers of the push for greater cardholder protection and store security.  The CISP has led to the PCI standard and VISA continues to provide information and resources for retailers.  VISA also requires merchants to comply with these standards to avoid fines and penalties.  See the overview here:

http://usa.visa.com/merchants/risk_management/cisp.html?ep=v_sym_cisp

Please review the basics for merchants:

http://usa.visa.com/merchants/risk_management/cisp_overview.html

Also review and understand the guidelines and documents for merchants like yourself.  PCI compliance is designed to prevent cardholder data loss and theft, and VISA is prepared to react in a highly punitive manner in the event of a breach of an unsecured system.  See the requirements for merchants:

http://usa.visa.com/merchants/risk_management/cisp_merchants.html

VISA Alerts and other useful media:

http://usa.visa.com/merchants/risk_management/cisp_alerts.html

Tools and FAQ:

http://usa.visa.com/merchants/risk_management/cisp_tools_faq.html

Verifone is a payment-processing solutions company that produces research and information on payment security.  It has excellent documentation and recommendations on security here:

http://www.verifone.com/about-us/industry-leadership/security.aspx

Verifone’s Industry Security News Site, an excellent source for merchants:

http://www.secureretailpayments.com/