PCI compliancy Archives - https://abcfitness.com/tag/pci-compliancy/

PCI Compliance and Your Club Management Software
https://abcfitness.com/abc-articles/pci-compliance-and-your-club-management-software/
Wed, 14 May 2014 18:55:27 +0000


Fraud and identity theft are on the rise. The Federal Trade Commission received more than 1.1 million complaints of fraud and identity theft in 2013, totaling more than $1.6 billion in stolen assets. The vast majority of these cases stem from data breaches associated with credit cards.

The credit card industry, led by Visa and MasterCard, developed the PCI Security Standards Council (2005) to set security standards that include requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. This standard, the Payment Card Industry (PCI) Data Security Standard (DSS), was launched in 2005 and recently revised, in November 2013, to meet the needs of securing the credit card industry’s changing environment. This standard provides a comprehensive set of requirements for enhancing payment-account data security.

Today, companies affected by the PCI standard are required to conduct a variety of validation activities, including quarterly vulnerability scans, a self-assessment questionnaire, or an onsite review by an independent third-party qualified security assessor, depending on the number and types of transactions conducted by the companies. Addressing PCI compliance is not just a matter of avoiding noncompliance fines; it is about good business: reducing risk, enabling delivery of services over an increasing range of customer channels, and maintaining the trust of customers and business partners.

Benefits of PCI compliance
While some may complain about the requirements for PCI compliance, organizations that have implemented the guidelines have realized the benefits compliance can provide. In addition to creating a trustworthy reputation, customers will be more confident in doing business with these companies.

PCI standards help lower the risk of a group becoming a victim of a data breach. These instances can be embarrassing and costly for an establishment, as each incident can result in fines as high as $500,000 per month. The first step in becoming a PCI compliant organization is for administrators to investigate the requirements in place for their business. Standards can vary depending on what payment card content is dealt with, so it is in executive decision makers’ best interest to do their homework.

The Payment Card Industry Council requires implementing encryption of cardholder data in transmission. This can be achieved using an SSL certificate, which provides the optimum level of website security. In this way, transactions completed over online portals have the best-in-class protection against threats.

The PCI standard accounts for different transaction volumes, payment channels, and level of exposure across companies. The PCI standard lays out 12 specific security areas of responsibility with which companies must comply. These areas are:

  • Install and maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for passwords and other security parameters
  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks
  • Protect all systems against malware and regularly update anti-virus software or programs
  • Develop and maintain secure systems and applications
  • Restrict access to cardholder data by business need-to-know
  • Identify and authenticate access to system components
  • Restrict physical access to cardholder data
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes
  • Maintain a policy that addresses information security

To most IT/security professionals, many of these regulations seem like straightforward common sense. However, many organizations have trouble complying. Most data breaches occur when a merchant or service provider stores sensitive information on a card’s magnetic stripe in violation of the PCI standard. This makes compliance critically important to your enterprise.

While PCI DSS certainly is comprehensive, the list of 12 areas of responsibility leaves 12 possible points of failure. Fail one requirement and you fail them all. This “all-or-nothing” approach is both a curse and a blessing. The benefit: enforcing compliance with each of the 12 areas of responsibility ensures the most secure possible transmission of data. The pitfall: especially for smaller companies, total compliance with the standard can take time and resources to achieve.

The way the standard works now, a merchant or service provider that satisfies 99 percent of the requirements would still receive a failing grade. With this in mind, many experts predict a significant number of organizations may in fact never comply.

In order to prove compliance, payment card organizations require the use of qualified data security companies (QDSCs) to perform an onsite audit review. MasterCard and Visa have established a certification program for vendors to become QDSCs, as well as a program authorizing companies to provide qualified scanning services. These two credit card giants also offer certification programs that train qualified data security practitioners (QDSPs) who perform testing and other security work.

These organizations often offer additional value-added services such as best-practice security assessments, compliance-readiness reviews, system deployment and training, systems integration, and other security and network-related services. In many cases, businesses also can help themselves by purchasing sophisticated security equipment, configuring it to minimize risk, and implementing a host of policies and procedures that comply with the latest data security standards.

ABC Financial

ABC Financial leads the health and fitness industry in software and payment processing solutions. We have one goal: to maximize our clients’ revenue. Our industry knowledge and innovation reflect our 33 years of experience. Today we are the choice of over 4,800 North American health clubs.

Our DataTrak health club management software reflects our dedication to cutting-edge technology in its speed, comprehensiveness, innovation, and security. We’re constantly enhancing our software as a part of our commitment to unparalleled service and to our clients’ bottom line.

If you want your business to thrive with the most advanced club management software, comprehensive payment processing, customer service second-to-none, and customized marketing solutions, choose ABC Financial.

PCI Compliancy Made Simple for Multi-Location Owners
https://abcfitness.com/abc-articles/pci-compliancy-made-simple-for-multi-location-owners/
Thu, 27 Jun 2013 22:07:24 +0000


By: Margaret Payne
Product Manager

A Club Owner’s time is valuable. You invest many hours maintaining a safe and secure environment for your members and staff. A part of that security is ensuring that your Club is PCI compliant, giving you and your members some assurance that data is safeguarded.

Completing a PCI Program has many benefits. Club Owners are provided with best practices on keeping data safe, becoming compliant and reducing liability in the event that sensitive member information is breached, stolen or compromised. You can become compliant and save time by using Trustwave and ABC’s time-saving option.

Did you know you can link multiple club locations together with Trustwave?

Locations that are linked together have many time-saving benefits:

  • Only requires one username and password to log in to your account
  • View your PCI status, scan results and review helpful training materials for all of your locations in one place
  • Clubs that are linked are only responsible for completing 1 Self-Assessment Questionnaire (SAQ).

What you should know when linking locations together:

  1. You must have the same business policies, practices and procedures at each location.
  2. If applicable to your business practices, you are still responsible for setting up/installing the External Vulnerability Scanning Agent at each physical location.
    Note: This scan runs in the background and checks the external network using the IP address at each location to make sure there are no immediate threats or vulnerabilities.
  3. If one location fails, the rest of the locations attached will mirror the failing status until the issue has been remediated.

How do I link my clubs together?

  • Please email your request to PCI@abcfinancial.com including all your club numbers that should be linked together.
  • Specify the email address to receive your “Get Started” email.

What You Should Know about ABC’s PCI Program
https://abcfitness.com/abc-articles/what-you-should-know-about-abcs-pci-program/
Mon, 29 Apr 2013 19:45:10 +0000


By: Margaret Payne
Product Marketing Manager

Big data security breaches, where millions of credit card numbers have been stolen or compromised, are in the news now more than ever. What you don’t often hear about are the security breaches that are happening at small and medium-sized businesses every day.

As a result of this serious and growing threat, the five major card networks (Visa, MasterCard, Discover, American Express and JCB) established the Payment Card Industry Data Security Standard (PCI-DSS) as a set of requirements for merchants to use when configuring their IT and payment-processing environments. To become compliant with the PCI-DSS, all merchants must complete an annual Self-Assessment Questionnaire (SAQ) and potentially a network vulnerability scan (only certain business types require scanning).

As a PCI Level I compliant vendor, ABC Financial continues to do the work necessary to be a security-conscious partner for you. While this commitment to the security of your data goes a long way towards ensuring you too are PCI compliant, there remains accountability and responsibility at your level. To ensure your business is secure, you need to take steps to address this security business requirement head-on in order to be as protected as you can be.

To help you protect your business using long-term data security best practices, ABC Financial launched the ABC Financial PCI DSS program with our data security partner, Trustwave, a leading provider of security services and PCI DSS compliance validation tools for merchants. You’ve been pre-registered in Trustwave’s TrustKeeper PCI Manager and the simple process will help you activate your account. Have your ABC Merchant ID ready, and follow these simple steps:

  1. Visit the program welcome page at pci.trustwave.com/abcfinancial
  2. Register in TrustKeeper PCI Manager.
  3. Answer the series of questions about how you process payments.
  4. Follow the PCI Wizard path to help simplify the self-assessment process.

If you have difficulty logging in, please email TrustKeeper support at support@trustwave.com.

To cover the cost of the PCI program and the value of the services provided, the nominal fee of $19.00 has been assessed on your monthly ABC billing statement starting February 2013. ABC allows 6 months from the first credit card payment processed or provided as documentation to complete the compliancy process. If you decide not to take the necessary steps or show your due diligence in becoming PCI compliant, ABC can assess a non-compliancy fee of $49 per month until compliancy is addressed and passed. For any club that has been with ABC prior to February 1, 2013, the non-compliancy start date is August 1, 2013. Anyone starting with ABC after February 1, 2013 will have 6 months from the onboarding date to take the necessary steps and complete the PCI Compliancy program.

If you are not using ABC Financial for your daily payment processing/point-of-sale station and use a third-party vendor that requires you to become PCI Compliant, then you do not need to complete the process via ABC. In order to show a passing status with ABC and Trustwave, simply email a PDF copy of your Certificate of Attestation to pci@abcfinancial.com. ABC will upload the certificate for you. You may log into your account portal at any time to view the account, check your current status and make changes to your profile.

For questions about the program or your requirements, please contact Trustwave at 877-815-3414.

Why PCI Compliancy is Important
https://abcfitness.com/abc-articles/why-pci-compliancy-is-important/
Thu, 28 Mar 2013 20:20:20 +0000


By: Margaret Payne
Product Marketing Manager

PCI Compliancy is required for any business, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data. Said another way, if any customer of that organization ever pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply.

The Payment Card Industry Data Security Standards (PCI DSS) are requirements to ensure that ALL companies processing, storing or transmitting credit card data information maintain a secure environment. The focus is to improve the security of sensitive customer information.

What does it mean to your club that ABC is a certified PCI Compliant company?

ABC does the majority of the heavy lifting to make it easier for you to become PCI Compliant on the club level. ABC provides the maximum security for your members’ credit card and banking information. This is the encrypted sensitive information that is housed within the DataTrak and MYiCLUBonline software. In fact, ABC is constantly evaluating and updating our product and service offerings to ensure we are doing everything to give you peace of mind!

What do you need to do to become PCI Compliant?

ABC has partnered with Trustwave to help you understand and navigate the process of achieving and maintaining PCI compliancy for your club. By taking the time to become PCI compliant with Trustwave and ABC, you are granted up to $50,000 breach protection per incident if information is compromised.

Begin today by completing these key items and stay one step ahead in your efforts to become PCI Compliant:

1. Register at Trustwave using your Merchant ID (MID) number at pci.trustwave.com/abcfinancial. If you are unsure of your status, you may contact Trustwave at 877-815-3414 or ABC Financial at pci@abcfinancial.com for more information.

2. On the Trustwave website, fill out the SAQ (Self-Assessment Questionnaire) that represents your practicing business model*

3. Quarterly, have an Approved Scanning Vendor perform the required Internal Scan. Approved vendors can be found using the following link:
PCI Security Standards

4. Quarterly, have an External Scan performed using the Trustwave TrustKeeper Agent available on the Trustwave website.

5. Follow PCI Best Practices

  • Creating an Incident Response Plan
  • Logging ALL visitors in and out of the club
  • Marking out the credit card number on paper documents
  • Proper disposal of paper and electronic documents with sensitive member information (i.e. shredding, pulping, incinerating, etc.)

*Depending on your current business model, there may be additional items to address for compliancy.

Here is how ABC can help you become PCI Compliant

ABC understands that this can be an overwhelming process. We have created a series of guides to assist with the breakdown of the SAQ Questionnaire. These guides do not give a right or wrong answer; they simply help you to know which answer applies to your club’s current practices.

What happens if you do NOT become PCI COMPLIANT?

Having a certificate of compliancy is a validation to your customers as well as the card brands that your company is doing its due diligence to protect all sensitive and confidential customer information. As your partner, ABC realizes that your time is valuable and gives each club 6 months from the first credit card payment processed or provided as documentation to complete the compliancy process. If you decide not to take the necessary steps or show your due diligence in becoming PCI compliant, ABC will begin charging a nominal fee of $49.00 per month until compliancy has been addressed and passed.

ABC is dedicated to helping ALL our clients achieve PCI Compliancy. If you have any questions regarding PCI Compliance, please contact Margaret Payne at pci@abcfinancial.com or Trustwave at 877-815-3414.

Protecting Your Members Data by Becoming PCI Compliant
https://abcfitness.com/abc-articles/protecting-your-members-data-by-becoming-pci-compliant/
Thu, 31 Jan 2013 21:24:32 +0000


By: Margaret Payne
Junior Product Marketing Manager

Unfortunately, data security breaches are in the news with increasing frequency and they often center on reports of credit card numbers being stolen. Now, more than ever, breaches can happen to any business which processes payments online, by mail or in person, regardless of its size.

To help with this growing threat, the major credit card brands (Visa, MasterCard, Discover, American Express and JCB) created the Payment Card Industry Data Security Standards (PCI DSS) council. The PCI council has established a standard set of requirements to educate business owners on the best practices to help protect them and their business.

In order to help you safeguard your business, ABC Financial launched the ABC Financial PCI DSS program with our data security partner, Trustwave, a leading provider of security services and PCI DSS compliance validation tools for merchants. This validation consists of completing an annual Self-Assessment Questionnaire (SAQ) and vulnerability scan (only if your business type requires scanning).

A letter was recently sent to the clubs to help owners better understand the new policies and procedures that will be implemented starting February 1, 2013. The letter contains information on how to get started with Trustwave and your current MID (merchant identification) number. If you are ready to start today and have not received the letter, please email ABC Financial at PCI@abcfinancial.com with your name and club number. Once you receive the necessary information, please use the link portal.trustwave.com/abcfinancial to get started with Trustwave.

For questions about the program or your current status, please call Trustwave at 877-815-3414 or email ABC Financial at PCI@abcfinancial.com.

Thank you for taking action to protect the cardholder data you process daily in 2013!

Below are educational materials and resources to provide additional information regarding PCI, our partner Trustwave and ways to minimize fraud.

trustwave.com
pcisecuritystandards.org
mastercard.us
usa.visa.com
