PCI – Payment Card Industry
Understand the differences between DSS, PED, and EPP as well as the mandates associated with each. The standards are built to have a consistency of security and provide the retailer the ability to provide protection for consumers as well.
MORE FROM THIS EXPERT
- Preparing your company and customers for PCI Compliance
- Interlink Merchants Must Use TDES at the POS by July 2010
- PCI & Payment Security webinar wrap-up
- VISA - Congressional Hearing Presentation
COMMENT POLICY
-
Before you comment, please read our comment policy.
Subscribe to this author
This blog is extremely valuable - there is a lot of confusion about regulatory requirements out ther e- what a great step to clearing that up
Wow! This site is great! We’ve been considering ways our company can inform our customers about PCI compliance. This site is all they’ll need! It far surpasses any efforts- albeit sincere- we’ve attempted!
You’ve presented the Who, What, When, Why and Hows in a sharp, user-friendly format that will undoubtedly help retailers understand the nuts and bolts of PCI compliance. GVR products will allow the retailer to accomplish compliance in the most cost-effective, sensible way possible.
The “El Monte” news video you’ve posted is so eye-opening and will help the retailer better-understand the need for attention to compliance. The bottom line: to protect the consumer is to protect your livelihood!
Thanks for your efforts!
Sign me a proud GVR distributor!
Terry
I feel like I’ve got a handle on what’s needed to attain PCI-Compliance at the dispenser, but what about the POS?
I understand G-Site will never be PCI-Compliant; so when does it have to be changed out with another POS?
Thanks!
Terry,
Gilbarco® G-SITE® point of sale system has been one of the most popular and successful products in our industry for more than 20 years. With more than 40,000 sites installed, G-SITE revolutionized retail automation as one of the first PC-based point of sale systems designed for fuel retailers. We thank you and all our customers for making G-SITE such a success for so many years.
The Payment Application Best Practices (PABP) sets forth requirements that must be met by merchants who process on the VISA network. Click here to see a chart showing the critical dates:
As these dates outline, a merchant has a window in which to transition to compliant systems.
Looking forward please note several observations. First, we are pleased that the market has rapidly adopted our newer Passport® point of sale system. Passport’s ability to meet new and emerging PABP and other Payment Card Industry (PCI) requirements on all major networks makes it an excellent choice for today and tomorrow. Its use of open platforms means faster development as well as richer features and interfaces.
G-SITE was built on a closed legacy architecture that is unable to meet PCI requirements and best practices that our customers will want to observe. G-SITE is not and can not meet PABP/PCI compliant requirements. The architecture of the system, while safe, does not permit the data encryption, password schemes, and other features required under VISA mandates. Because G-SITE is already certified on all networks, the general deadline that is most important to our customers is July 1, 2010. Visa mandates list July 1, 2010 as the date in which all networks must use PAPB-compliant applications, meaning GSITE must be removed by this date. Most networks however have already announced migration plans and G-SITE removal dates that may or may not match with Visa mandated dates. You should contact your specific network provider to confirm if this date is valid for you site (s).
Do you have to change out your G-Site to passport to have it PCI compliant or is it PCI for the pump only. Thanks.
You will need to migrate your G-SITE application to Passport for PCI compliance. PCI is a group of standards that cover all aspects of site systems security.
PCI-PED (PCI-PIN Entry Device) standards define how pin pads both inside and outside in the dispenser must work to ensure maximum security. Triple-DES encryption PIN pads in the dispenser falls into this set of mandates.
PCI-DSS (PCI-Data Security Standards) standards define how store payment devices must work. POS and any other payment devices must meet PCI—DSS mandates. PCI-DSS states that all non-compliant applications must be removed from the credit network by 7/1/2010.
Per previous announcements G-SITE is technically unable to feasibly meet PCI-DSS mandates and has been designated end of life. Sales of new G-SITES end 12/31/2008, support of installed devices end 12/31/2011.