On this journey called “data security,” the learning curve and evolution of the standards are a never-ending process.
With that in mind, the PCI-DSS council, the organization that maintains and updates the security rules, has announced PCI 3.0. These new rules will come into play immediately, and businesses and organizations that handle card transactions must start applying these standards to their business practices.
One change merchants will see as they upgrade their stand-alone credit card terminals is the requirement that those terminals be locked. This requirement is for both the software and hardware.
When you connect a terminal to a merchant processing vendor, the vendor downloads into that terminal some software that handles the transaction. Each processor’s software is different.
The new standards will require that the software be locked to prevent a bad guy from sneaking his own version of software into your machine and then stealing data from it. This locking of the terminal will be invisible to you unless you allow another vendor access to your terminal.
As an example, if you decide to use your terminal for gift cards and the software company that provides the gift card solution wants to load the program onto your credit card terminal, you will need to contact your credit card vendor to “unlock” the terminal so that the new software can be loaded.
After you are done loading the software, you must re-lock the terminal with the credit card vendor.
Another example of when this could impact your use of the machine is if you want to switch processors. The current processor will need to unlock the device and then allow you (or the new company) to download its software into the terminal.
The other side of this requirement is the physical security of the device. You will need to start making sure the device is “locked” to the countertop and can’t be removed without a key.
Obviously, some of the older devices were never designed to be physically locked to the counter. This security requirement could create a “new” industry: how to secure the device in an attractive yet inexpensive way.
As we in this expert processing organization travel the journey of data security, we will keep our eyes on the road and hands on the wheel so that you can focus on running your business.
If you have any questions, please don’t hesitate to contact our customer services representatives at 800.563.5981 option 2.