How To Choose A Secure PCI Compliant Merchant Processing Company

March 17, 2017 | By James Raymond

PCI Compliance

There are many merchant processing companies, and hence many factors to consider when choosing a suitable one.

Merchant processing companies are payment processors appointed by merchants to handle transactions from various channels such as credit/debit card payments for merchant acquiring banks. They take on the responsibility of maintaining the safety and security of the payment information.

These companies are third-party entities offering these services as software-as-a-service (SaaS). For the merchant, this enables cost reductions and better transaction processing quality. All electronic payments, including card payments and card-not-present transactions, are at risk of fraud and abuse. The cost and risk involved are very high when merchants decide to manage and protect card data on their own, and the merchant could incur significant financial loss from misuse of card data. There are significant advantages in subscribing to the services of a merchant processing company, as the responsibility, risk and liability are taken off the shoulders of the merchant.

There are five important criteria that a merchant must follow when choosing a merchant processing company.

1. Payment Card Industry (PCI) Compliance

Ensure that the merchant processing company is PCI compliant. The PCI Data Security Standard (PCI DSS) is a set of comprehensive technical and operational requirements for enhancing the security of payment card account data. It applies to all entities that accept payment cards, and store, process, and/or transmit cardholder data. Further, the merchant must pass on a “payment token”, which would allow the merchant to perform various transactions such as charges, refunds, or voids. All of these are performed without the merchant storing any payment card data, which helps the merchant's system remain PCI-compliant.

The PCI compliance certificate must be renewed every year by every merchant/company that needs to accept and process card transactions. Usually, the merchant processing company takes care of the conditions needed for the merchant to remain PCI compliant. The level of support the merchant processing company provides is what differentiates one company from another. Choose a company that provides complete guidance and support, and takes care of the liability that may arise in case of a cyber theft or data breach.

2. Point-to-Point Encryption

Every transaction involves the transfer of data through numerous points that are susceptible to attacks by cybercriminals (hackers). Hence, the integrity of data must be protected. Point-to-point encryption becomes an absolute necessity, and the merchant must ensure that the merchant processing company protects all payment card data through point-to-point or end-to-end encryption.

3. EMV Chip Cards

EMV chip cards are considered to be more secure than magnetic stripe cards. While Europe has adopted EMV chip cards, they are yet to be fully adopted in the US. Worldwide, it has been recommended that magnetic stripe cards be replaced with chip cards. Merchants should switch over to EMV-compliant POS equipment (if they have not yet done so) and also ensure that the merchant processing company accepts EMV chip card transactions.

4. Application Program Interface (API)

The merchant processing company’s software must be able to integrate with the merchant’s POS devices (all equipment) and software for seamless and leak-proof transactions. The API must be able to encrypt the transactions so that the payment card data remains secure.

5. Cost of Subscription

For any merchant processing company, there is significant cost involved in maintaining a secure infrastructure. Hence, you should be suspicious if the subscription charges are very low and seem too good to be true.
