Posts Tagged ‘PCI’
Do Payment Facilitators Have to Be PCI Compliant?
Data security is a critical component of the work that payment facilitators do. Proper management of sensitive data is an essential responsibility for anyone enabling access to the payments system. So every payment facilitator needs to understand the role that PCI compliance plays in their overall risk management efforts.
Read MoreControlScan and FIS: Collaborating on Behalf of PFs
Compliance solutions provider ControlScan and processor FIS have come together in an effort to streamline PCI compliance for payment facilitators.
Read MorePayment Facilitators and PCI: “Everybody Has to Start Somewhere”
An organization’s PCI scope – the components of its business that need to be included in an assessment – can have a dramatic impact on the costs for that company to comply with the security standard’s requirements. According to Chris Bucolo, that’s the fundamental reason payment facilitators need to “engage early.”
Read MorePCI and Payment Facilitation: What are PFs Responsible For?
Companies that choose to integrate payments into their B2B software offerings must consider risk from a number of perspectives. This week, we report on some of the fundamental issues and decision points behind payment facilitators’ relationship with the industry data security standard.
Read MorePayment Security: The Developer’s Duty
Merchants want ease of use. Customers want mobile. Everyone wants security.
Read MoreCompliance from the PF Point of View: PF Day Preview
When a technology company decides to take on payments, it often seems like a natural next step. Who wouldn’t want to extend their services by enabling clients to accept payments?
Then reality sinks in. Adding the technical capability to move money is one thing. Opening the door to the complex web of federal and state regulation and card brand rules is another.
Read MorePayment Facilitators and Risk: How the Market Views Submerchants
There is plenty of evidence that the payment facilitator market will grow significantly over the next few years. There are multiple drivers for this growth, including the belief that the increased complexity of compliance/security requirements for merchants will generate more interest in this payments model.
Although there is general agreement that the growth potential is large, there is a divergent set of opinions on how risky the model is, and how risk needs to be approached.
Read MoreUnregistered Third Party Regpack’s Exposure Of 324,000 Transactions Proves A Cautionary Tale For PFs
A July exposure of transaction records from 899 submerchants serviced by payment facilitator BlueSnap highlights an important lesson for PFs.
In addition to making sure their own houses are in order, they bear responsibility for their submerchants and service providers as well.
PFs who control all aspects of the card entry, where it’s impossible for a transaction to enter outside of their interface, may be able to certify compliance on behalf of all their submerchants. However, if any submerchant or service providers could conceivably get access to card data, the PF must ensure they are certified and registered. BlueSnap had to learn that the hard way.
Visa’s New SMB Rules Add PF Complexities
When Visa recently added more rules on its smallest merchants—PCI Level 4s—it created a sales opportunity for payment facilitators by giving SMBs an even stronger reason to outsource its payments activities. At the same time, it added more complexity to PCI management for those PFs.
Mike Cottrell, head of global sales and marketing at ProPay, tried to put the new rules into perspective for payment facilitators in this week’s PaymentFacilitator.com podcast.
Read MoreFTC Launches PCI Probe. Ruh-Roh
On Monday (March 7), the U.S. Federal Trade Commission (FTC) launched a government investigation of PCI, zeroing in on potentially excessive charges, inconsistency in enforcement and rampant conflicts of interest. As famed QSA Scooby Doo would have said, “Ruh-roh.”
None of this is news to the FTC and it’s part of the reason for the investigation, which FTC is officially calling a study. “We have heard these issues,” said David Lincicum, an FTC attorney in the division of privacy and identity protection, who is the lead attorney on the study and is also managing the study. “We go into this looking to get information, to get some details about what the interactions look like.”
Read More