Unisys recently conducted its biannual security index, and according to the study nearly two-thirds of Americans are seriously concerned about identity theft and credit and debit card fraud. For companies that process and store credit cards within their ERP system, there is little argument that keeping cardholder data safe and mitigating security breaches is a top priority. This is why, in 2006, Visa and several other major credit card companies formed the Payment Card Industry Security Standards Council (PCI SSC) with the goal of protecting consumers, merchants and service providers. As a result, they have put into place security standards called the Payment Card Industry Data Security Standard (PCI DSS). To become PCI DSS compliant, companies need to meet 12 requirements that are explained in a rather witty video which can be found on the
In addition to merchants, developers of payment applications also have to adhere to their own set of PCI standards, called the Payment Application Data Security Standard (PA-DSS). These standards were created by the PCI Security Council and hold software vendors accountable for developing payment applications that properly process, store and/or transmit cardholder data without storing prohibited information like magnetic stripe data or CVV2 numbers. Using applications that are PA-DSS validated is necessary for merchants that process credit cards. Not only does it help companies in the overall process of maintaining a PCI compliant environment, but companies that use an uncertified credit card payment solution may be unable to receive a merchant account or may be forced to pay higher rates.
With states like Nevada, Minnesota and more recently Washington signing PCI compliance mandates into law, keeping a secure environment and using a compliant payment application solution is essential. Being PCI compliant ensures that an organization has taken the proper security measures so it can avoid incidents like the infamous security breach that happened to
Choosing the right application software is an important step in becoming PCI compliant. It should also be noted that just having PA-DSS certified payment application software in place will not single-handedly make a company PCI compliant; it is, however, necessary in the overall process of gaining compliance. Without it, organizations run a greater risk of leaving their customers’ account information vulnerable. This is why taking the proper measures in selecting a secure payment application is so important.
The Azox Credit Card Extension payment processing application for Microsoft Dynamics GP is PA-DSS certified and can help companies in the overall process of maintaining a compliant environment. Azox Credit Card Extension is also listed as a secure and validated payment application on the PCI Security Council’s list of
By Aaron Smith, Azox, Inc.