• Started in 1999
• Headquartered in Redwood City, CA; operations center located in Spokane, WA; 200 US employees
• Cielo – Largest Latin America processor – 1800 employees
• Won Stevie Award in 2012 for excellence in customer service
• Innovative Technology and Proprietary Platform, Payment Gateway
• Process 14 billion annually for 70,000 merchants
• In 2012 57% of our business ecommerce customers
• PCI Compliant
• Securing the system
• Securing the transaction
• 2001 – Visa mandates CISP (Cardholder Information Security Program)
• 2004 – In a joint effort – Visa/MC create industry standard PCI DSS (Payment Card Industry Data Security Standard)
• 2006 – PCI Security Standards Council takes over all documentation efforts for PCI
• 2008 – Acquirers must not board any non PCI compliant
• 2010 – Acquirers must ensure existing merchants are using PCI compliant product and deactivate any non compliant products
• 2013 – Chip cards
Card Associations still responsible for mandating all rules
• Build and Maintain a Secure Network
• Protect Cardholder Data
• Maintain a Vulnerability Management Program
• Implement Strong Access Control Measures
• Regularly Monitor and Test Networks
• Maintain an Information Security Policy
Point-of-Sale Security Tips!
When it comes to hackers stealing your information, it may be easy to think, "That will never happen to me." But you might be surprised to know that most attacks are directed against small companies and most can be prevented with a few small and relatively easy steps.
1) Change administrative passwords on all point-of-sale systems. Hackers scan the internet for easily guessable passwords.
2) Implement a firewall.
3) Avoid using computers with point-of-sale systems to browse the web.
4) Make sure the point-of-sale solution your business uses to process transactions meets Payment Card Industry (PCI) Data Security Standards (DSS). To confirm that third-party solutions are compliant, go to this link: www.usa.visa.com/download/merchants/cisp-list-of-pcidss-compliantservice-providers.pdf
Following these simple practices will help protect your business and your customers from credit card information security-related problems.
• Third Party Entities
• Merchants
• Acquirers and Processors
• Cardholders
PCI Validation Measures
Merchant Level* and Description
• Level 1: Merchants processing over 6 million Visa transactions annually (all channels) or global merchants identified as Level 1 by any Visa region**
• Level 1: Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.
• Level 2: Any merchant, regardless of acceptance channel, processing 1,000,000 to 6,000,000 Visa transactions per year.
• Level 3: Any merchant processing 20,000 to 1,000,000 Visa e-commerce transactions per year.
• Level 4: Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants, regardless of acceptance channel, processing up to 1,000,000 Visa transactions per year.
Compliance Basics
• Level 1
  Validation Action: Annual On-site PCI Data Security Assessment and Quarterly Network Scan
  Validated By: Qualified Security Assessor or Internal Audit if signed by Officer of the company; Approved Scanning Vendor
• Level 2
  Validation Action: Annual PCI Self-Assessment Questionnaire and Quarterly Network Scan
  Validated By: Merchant; Approved Scanning Vendor
• Level 3
  Validation Action: Annual PCI Self-Assessment Questionnaire and Quarterly Network Scan
  Validated By: Merchant; Approved Scanning Vendor
• Level 4*
  Validation Action: Annual PCI Self-Assessment Questionnaire and Quarterly Network Scan (if applicable)
  Validated By: Merchant; Approved Scanning Vendor
• Fines by Acquirer for Non Compliance
• Card Association Fines
• Breach Risks
• TJ Maxx – 45.7 mm cards exposed - $40mm fine
• Aloha – unknown – retailers out of business
• Citigroup – unknown
• Heartland – 100 million cards exposed
• Global Payments – unknown
• Individual Cardholder Fraud
• Goal is to get paid and not pay a lot for it
• Decrease chargebacks
• Add enhanced value for recurring customers
• Swiping transaction and capturing signature
• Clearing transaction in timely manner
• Address Verification (AVS) – address and zip
• Card Verification Value (CVV)
• Verified by Visa
• MasterCard Secure Code
• Chip Cards (2013)
• Validate Only
• Judgment Call
• Result in higher interchange fees
• Integrity Fees
• Misuse Fees
• Chargeback Potential Increases
• Swiped/CNP Purchasing B2B
• 2.40% plus $0.10 per item
• Downgrades – Purchasing Standard
• 2.95% plus $0.10 per item
• Purchasing Level 2 (adding customer code & sales tax)
• 2.05% plus $0.10 per item
• Purchasing Level 3 (adding line item detail)
• 1.95% plus $0.10 per item
Cheryl Hansen
Davisware
847-426-6000 Ext 119
Angela Floyd
Merchant e-Solutions
803-968-1635