At POS Nation, we strive to offer the best resources available to our customers. In addition to helping you build the perfect POS system, we are here to help you select the optimal payment processing partner for your company.
Whether your business is a retail store, or a specialty business, having integrated credit card processing with your POS system allows you to quickly and securely accept multiple payment options, including credit, debit, gift cards, and loyalty cards.
Through POS Nation Merchant Services, we now offer in-house payment processing to provide a true turnkey POS solution. We can now easily provide a rate comparison, assist with your merchant services application, and integrate payment processing on your point of sale.
More often than not, because we offer an integrated payment processing solution, we're able to save our customers money compared to when they use third-party processors.
Ultimately, our goal is to find each customer the right payment processing partner. This is why we have developed strategic partnerships with many leading payment processors including Mercury Payment Systems, Swipely, Worldpay, Heartland, and Sterling Payment Technologies.
Looking for a way to pay $0 for accepting credit cards? Our dual pricing, formerly known as cash discounting program provides a way for merchants to pass along the cost of accepting credit cards to their customers.
“PCI compliance” is shorthand for the processes required to meet the payment and data security standards established by the Payment Card Industry Security Standards Council. This organization, founded in 2006 by five of the major global payment brands (American Express, Discover, JCB International, MasterCard and Visa), provides detailed guidelines on all aspects of payment card security for merchants and payment service providers, along with resources including self-assessment tools, tutorials, and lists of approved providers.
If you accept, transmit, or store credit cards, then PCI compliance applies to your company.
Your business can still accept credit cards if you are not compliant, however, your risk greatly increases.
Credit card and payment system data breaches in retail have been big news recently, and if your business is unlucky enough to make the headlines, the negative effects can be difficult and long-lasting. Re-establishing customers’ trust in your business is usually far more expensive than doing everything possible to prevent data breaches in the first place.
While PCI compliance is not in itself an airtight guarantee of payment data security, it does cover many of the most common scenarios, significantly mitigating your loss potential. In essence, operating a modern-day POS system without being PCI compliant is like driving a car without insurance — there’s no problem until there’s an accident. Then the results can be anything from inconvenient to catastrophic.
In addition, data breaches carry real-world costs. Figures will vary depending on the size of your business, but they can run to:
The best way to determine if your business is compliant is to complete the PCI DDS Self-Assessment Questionnaire (SAQ). There's a lot of resources online to assist with this, including the Council's website.
Yes. As of January 2020, Windows 7 is no longer supported by Microsoft. Because of this, the operating system lacks current security patches and is increasingly vulnerable to breaches. If you are processing credit cards on a machine running Windows 7, you are not PCI compliant.
Yes. As of April 2014, Windows XP is no longer supported by Microsoft. Because of this, the operating system lacks current security patches and is increasingly vulnerable to breaches. If you are processing credit cards on a machine running Windows XP, you are not PCI compliant.
There are twelve basic steps you can take to protect yourself.
BUILD AND MAINTAIN A SECURE NETWORK
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
PROTECT CARDHOLDER DATA
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
MAINTAIN A VULNERABILITY MANAGEMENT PROGRAM
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
IMPLEMENT STRONG ACCESS CONTROL MEASURES
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
REGULARLY MONITOR AND TEST NETWORKS
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
MAINTAIN AN INFORMATION SECURITY POLICY
Requirement 12: Maintain a policy that addresses information security
Perhaps the most important question — but yes, all of our software and hardware ships out PCI compliant. Although ongoing compliance is determined by our customers, we position every merchant to succeed and remain compliant.
Remember that PCI compliance is not a one-time event, but an ongoing process. Hackers and cybercriminals are constantly looking for new weaknesses in payment systems and networks, and while the biggest retailers make the news, small businesses are by no means immune.
The PCI DSS [Data Security Standard] outlines three broad steps in ongoing PCI compliance:
I. Assess: Identify cardholder data, take an inventory of your IT assets and business processes for payment card processing, and analyze them for vulnerabilities that could expose cardholder data.
II. Remediate: Fix vulnerabilities and do not store cardholder data unless you need it.
III. Report: Compile and submit required remediation validation records (if applicable) and submit compliance reports to the acquiring bank and card brands you do business with.
Security is critical when it comes to credit card integration. Our payment processing partners offer top-of-the-line card data security that helps mitigate your risk to data breaches. We have worked with these payment processors throughout thousands of installations, and we have experienced their reliable services firsthand. Mercury, Swipely, Worldpay, Heartland, and Sterling all have a proven track record when it comes to security — and that’s why we partner with them.
Finally, you can rest easy knowing that every POS system we configure is PCI compliant and equipped with the latest security measures.
If you own a personal credit or debit card, you know that these cards are now chip-embedded. Learn more about EMV and the top EMV questions we've heard from our customers.
Already a customer or looking to purchase? Our POS systems have full EMV capabilities and will help your business accept chip and pin cards. Schedule a consultation to learn more!
Used interchangeably, EMV cards or chip and pin cards are credit and debit cards that contain an embedded computer chip. Your cards most likely have a chip in them.
First, you’ll be on the hook for chargebacks. Depending on your business, that may or may not be a big deal. More importantly, however, EMV transactions and cards are significantly harder to hack than traditional credit cards.
So, if you’re not taking EMV cards, your chances of being breached just went way up – and as more and more merchants accept EMV, hackers will increasingly target the remaining non-EMV merchants.
No. EMV is being mandated by the PCI Security Standards Council, which is composed of the major card issuers like Visa, MasterCard, Discover, and American Express.
These companies obviously have no legal authority, but since you’re accepting their cards, they get to dictate the rules.
Not surprisingly, most banks are advocating EMV as a means of risk reduction, and we can’t blame them. No matter what they say however, we promise your POS system isn’t going to blow up.
Yes, you will be operating with increased risk, but most experts believe that full EMV adoption will take at least five years in the United States.
Maybe. EMV-capable pinpads and card readers have been on the market for a few years. If you don’t have one, then you’ll need one to accept EMV cards.
Even if you do own one of these card readers, you’re not totally in the clear. Each pinpad will need to be certified with each processor and each POS software – yeah, it’s complicated.
The likes of Visa, MasterCard, Discover, and American Express are driving this train, but the end result should be a net positive for the system as a whole with less fraud – even if that means having to purchase a new card reader now.