SYS-CON MEDIA Authors: Liz McMillan, Carmen Gonzalez, Pat Romanski, Elizabeth White, Gary Arora

Blog Feed Post

The ABC’s of PCI and EMV compliance. What do small businesses need to know?

There are some very basic steps you can take towards making your payment processing solution compliant with PCI and EMV. Payment Card Industry (PCI) and Europay, MasterCard and Visa (EMV) compliance are concerns of any payment processing solution today. 

$20,752 IS THE AVERAGE COST TO A SMALL BUSINESS DUE TO HACKING, UP FROM $8,600 IN 2013 (National Small Business Association)

It’s essential small businesses have an end-to-end payment solution in place that allows for PCI and EMV to be addressed. Cyberattacks are no longer just a problem for large, global enterprises they are a problem for any company of any size with a payment processing solution. Businesses of all sizes can take steps to protect customer information. This was the case for long-time, Banyan customer Franchise Entertainment Group (FEG).

Franchise Entertainment Group (FEG) is Australia’s premier home entertainment group encompassing such iconic brands as Video Ezy, Blockbuster and EzyDVD. FEG’s DVD rental kiosk solution needed to integrate a new EMV-compliant hardware and gateway for payments and have supporting infrastructure. They also needed their team trained on processes to support ongoing compliance.

Here are some of the steps FEG took towards becoming PCI and EMV compliant. Sometimes it is as easy as ABC. Don’t be intimidated by hackers, be prepared.

‘A’ Always be aware of your vulnerabilities

Your business and the customer experience revolve around the point of transaction. It’s where revenue is made and where you can build trust. Whether your point of transaction is a point-of-sale (POS) system or a vending machine, or DVD rental kiosk like FEG, always be aware of points of vulnerability surrounding your devices. Criminals can steal data in a number of ways like inserting “malware” onto the payment system to steal credit card data. Mag stripe readers are at greater risk for data breaches than chip readers. There are several other points of vulnerably shown in this illustration.

Illustration-HowCriminalsGet your Datahttp://banyanhills.com/wp-content/uploads/2016/08/Illustration-HowCrimin... 150w, http://banyanhills.com/wp-content/uploads/2016/08/Illustration-HowCrimin... 300w" sizes="(max-width: 827px) 100vw, 827px" />

‘B’ Bring on a partner that has expertise in PCI and EMV compliance

As the payments landscape continues to evolve, standards and compliance are insurance to your business and your customers that operations will continue to run smoothly and securely. Whether you’re starting out, or scaling up, it can be hard to keep up with the latest standards. You can vastly simplify any PCI concerns about your payment processing environment by going with EMV. However, it’s not without its challenges, especially if current business processes rely on the availability of data obtained directly from the credit card. So don’t go it alone, work with a partner that has expertise in this area. Here are some key learnings from FEG’s integration of EMV.

How you can identify the customer

For FEG, the situation required the payment system to identify the customer (the human) based on the credit card they presented. In a non-EMV world, that is generally accomplished by reading the card data and matching it against data already stored. Similarly, data obtained via a token for the card can also be matched against previously stored data. Conversely, with an EMV situation it’s unlikely you’ll have access to the card data nor you will not have access to the card number. Further, many providers have yet to implement a tokenization routine for EMV-based transactions. We solved for this by partnering closely with the payment provider to develop their technology to support both a limited card read (name, bin, and last 4) as well as a tokenization solution.

What you can do to support recurring billing

Another challenge is recurring billing with an EMV solution. This mirrors the first problem, because you will not have access to the full card information, and the payment processor must provide some means to effectuate a follow-on payment or refund when the card is not present. In FEG’s case, the payment processor had a secondary API that allowed for those payments to be processed, which we had to implement in parallel with the card reader integration.

Consider the impact of network and infrastructure changes

There may be network and other infrastructure related changes that you’ll need to make in order for the EMV transactions to flow through the environment, depending on the solution that is chosen. For example, some card readers may connect directly from the endpoint to the payment processor without first passing through a central enterprise service. Additionally, if you have a large network of terminals, finding a suitable set of hardware could be a challenge. In most cases the hardware needs to fit in existing devices or mounts, and it can be expensive to replace a large number of hardware units. At this time options are limited, as the hardware is mostly available directly from the payment processor as opposed to being able to choose from a set of generally available hardware.

‘C’ Continuously improve to comply

For FEG, finding the right partner put them on the path to PCI and EMV compliance. Their payment processing solution is fully compliant with PCI standards and the team has been trained on processes that will enable them to support evolving requirements to maintain their certification. Additionally, they have a complete, multichannel strategy that enables customers to reserve movies online or from their mobile device.

The PCI Security Standards Council (SSC) announced a significant advancement in its efforts to foster small-business cybersecurity: A set of payment protection resources that acquirers can use to educate and empower the small merchants they serve to fight cybercrime. It’s all about creating a better understanding of the real risks that go along with the method(s) merchants rely on to process payment transactions. To learn more about how EMV can help reduce fraud check out the Merchant Guide: Stepping Up to EMV Chip with PCI.

Take a look at this case study of FEG’s transformation and how they are enabling their business operations with Canopy IoT platform.

Read the original blog entry...

More Stories By Steve Latham

Steve Latham, founder, and CEO of Banyan Hills Technologies, is an Internet of Things expert and strategic technology leader. He founded the company in 2013 to impact the world through technology and a deep commitment to social responsibility. He has a strong track record of leveraging cloud-based technologies to optimize and accelerate business strategy and is highly regarded by his peers for his deep industry knowledge in Retail, Entertainment, Healthcare, and Financial Services.

Latham has successfully led architecture, implementation and delivery for one of the largest self-service, retail exchange kiosk systems in the world. Earlier, he served as CTO for the Entertainment division of NCR, where he helped orchestrate a successful divestiture of the business to Redbox for $125M. Prior to NCR, he held various technology leadership positions at Harland Clarke and led the consolidation of their e-commerce platform to a unified product offering for its customers. Latham serves on the board of directors for various businesses and academic institutions providing technical leadership.

Latest Stories
Cloud-Native thinking and Serverless Computing are now the norm in financial services, manufacturing, telco, healthcare, transportation, energy, media, entertainment, retail and other consumer industries, as well as the public sector. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that pro...
The level of trust we have with individuals, businesses, and technology affects our lives daily. This is important to remember when discussing new technologies. For example, our level of trust is a critical factor when evaluating a new technology as a potential solution for providing business value. Given the importance of trust, imagine one's reaction upon hearing that blockchain is a "trustless trust" system. On the surface, that does sound like an oxymoron. This paper discusses how "trustless...
Public clouds dominate IT conversations but the next phase of cloud evolutions are "multi" hybrid cloud environments. The winners in the cloud services industry will be those organizations that understand how to leverage these technologies as complete service solutions for specific customer verticals. In turn, both business and IT actors throughout the enterprise will need to increase their engagement with multi-cloud deployments today while planning a technology strategy that will constitute a ...
Data center, on-premise, public-cloud, private-cloud, multi-cloud, hybrid-cloud, IoT, AI, edge, SaaS, PaaS... it's an availability, security, performance and integration nightmare even for the best of the best IT experts. Organizations realize the tremendous benefits of everything the digital transformation has to offer. Cloud adoption rates are increasing significantly, and IT budgets are morphing to follow suit. But distributing applications and infrastructure around increases risk, introdu...
Moving to Azure is the path to digital transformation, but not every journey is effective. Organizations that start with a cohesive, well-planned migration strategy can avoid common mistakes and stay a step ahead of the competition. Learn from Atmosera CEO, Jon Thomsen about the opportunities and challenges found in three pivotal phases of the journey to the cloud: Evaluation and Architecting, Migration and Management, and Optimization & Innovation. In each phase, there are distinct insights tha...
Most modern computer languages embed a lot of metadata in their application. We show how this goldmine of data from a runtime environment like production or staging can be used to increase profits. Adi conceptualized the Crosscode platform after spending over 25 years working for large enterprise companies like HP, Cisco, IBM, UHG and personally experiencing the challenges that prevent companies from quickly making changes to their technology, due to the complexity of their enterprise. An accomp...
Every organization is facing their own Digital Transformation as they attempt to stay ahead of the competition, or worse, just keep up. Each new opportunity, whether embracing machine learning, IoT, or a cloud migration, seems to bring new development, deployment, and management models. The results are more diverse and federated computing models than any time in our history.
Andrew Keys is co-founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereum.
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science" is responsible for guiding the technology strategy within Hitachi Vantara for IoT and Analytics. Bill brings a balanced business-technology approach that focuses on business outcomes to drive data, analytics and technology decisions that underpin an organization's digital transformation strategy. Bill has a very impressive background which includes ...
On-premise or off, you have powerful tools available to maximize the value of your infrastructure and you demand more visibility and operational control. Fortunately, data center management tools keep a vigil on memory contestation, power, thermal consumption, server health, and utilization, allowing better control no matter your cloud's shape. In this session, learn how Intel software tools enable real-time monitoring and precise management to lower operational costs and optimize infrastructure...
Most organizations are awash today in data and IT systems, yet they're still struggling mightily to use these invaluable assets to meet the rising demand for new digital solutions and customer experiences that drive innovation and growth. What's lacking are potent and effective ways to rapidly combine together on-premises IT and the numerous commercial clouds that the average organization has in place today into effective new business solutions. New research shows that delivering on multicloud e...
While a hybrid cloud can ease that transition, designing and deploy that hybrid cloud still offers challenges for organizations concerned about lack of available cloud skillsets within their organization. Managed service providers offer a unique opportunity to fill those gaps and get organizations of all sizes on a hybrid cloud that meets their comfort level, while delivering enhanced benefits for cost, efficiency, agility, mobility, and elasticity.
Darktrace is the world's leading AI company for cyber security. Created by mathematicians from the University of Cambridge, Darktrace's Enterprise Immune System is the first non-consumer application of machine learning to work at scale, across all network types, from physical, virtualized, and cloud, through to IoT and industrial control systems. Installed as a self-configuring cyber defense platform, Darktrace continuously learns what is ‘normal' for all devices and users, updating its understa...
Data center, on-premise, public-cloud, private-cloud, multi-cloud, hybrid-cloud, IoT, AI, edge, SaaS, PaaS... it's an availability, security, performance and integration nightmare even for the best of the best IT experts. Organizations realize the tremendous benefits of everything the digital transformation has to offer. Cloud adoption rates are increasing significantly, and IT budgets are morphing to follow suit. But distributing applications and infrastructure around increases risk, introdu...