Merchant Account Show
The Merchant Account Show should help you with your merchant account and electronic payment gateways. Also
hopefully it will help explain some fraud attempts and how to notice fraud
on your orders. Remember, the net powers us!
Merchant Account Show Categories
Merchant Account Show Archives
- March 2008
- February 2008
- January 2008
- December 2007
- October 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- January 2007
- December 2006
My Merchant Account Blog Recent Entries
- Payment Application Best Practices from Visa
- Allowing Others to Use Your Merchant Account
- Merchant Direct Access Service
- How to Handle a Large Order
- Discount Rates
- PCI Compliancy is not Just About Scanning
- Merchant Account Reviews
- Introduction to Data Security Requirements
- Tips from Visa to Help Merchants Fight Fraud
- Merchant Accounts - Which One Is Right For You
The Merchant Account Show is brought to you by LoudCommerce with voice talent provided by Lynn Brooks.
Payment Application Best Practices from Visa
Monday, March 31, 2008
High profile breaches of cardholder data have garnered a lot of attention in the media. Most of us have read or heard about the 40 million cards that were compromised at CardSystems, or the 100 million cards compromised at TJX. As a result of these breaches, the payment industry developed the Payment Card Industry (PCI) Data Security Standard (DSS). However, complying with the PCI DSS can be complicated and expensive, especially for smaller merchants. Although we may not read about it in the press, breaches at smaller merchants occur every day because the payment hardware and software they use is not compliant with PCI DSS.In an effort to make compliance with the PCI DSS a little easier for merchants who use payment application software, Visa developed the Payment Application Best Practices (PABP). The PABP applies to software applications that store, process, or transmit cardholder data as part of authorization or settlement. It does not apply to software developed in-house by merchants since that would be covered under the merchant’s normal PCI DSS compliance.
Software vendors are required to have their payment applications certified as PABP compliant by a Qualified Application Security Professional that is employed by a Qualified Payment Application Security Company. Once compliant, Visa will include the software vendor and product version in a list of validated payment applications for one year. Software vendors must re-validate their payment applications each year to remain on the list.
The PABP mandates are designed to eliminate the use of non-secure/vulnerable payment applications from the Visa system. They require that members ensure that merchants do not use applications that retain prohibited data elements and use payment applications that adhere to Visa’s PABP. If you are using a payment application from a software vendor that is not PABP compliant then you will not be able to comply with the PCI DSS.
As of January 1, 2008 new merchants are not allowed to establish a merchant account using a non-compliant payment application. Existing merchants should check with their agent or ISO to make sure their payment application is on the list of PABP compliant applications.
