What is the PCI DSS?

The Payment Card Industry Data Security Standard is a new mandate placed upon retailers using credit card authorisation (CCA) critical information. Its obligations extend not only to the security of the data and who has access to it, but also to its method of transmission.
What are the ramifications of PCI DSS?

In simple terms the objective is to tighten up the security of credit card usage. Specifically, a grading or level of security has been established: as larger amounts of CCA data are collected at any one point, so the level of risk increases. Chip & PIN technology has secured the operation of the CCA unit itself. What is now being addressed are the communications and the usage of the data resulting from CCA.
How can you simply avoid the obligations of PCI DSS?

The easiest method of avoiding most obligations is to use APACS 40 instead of the APACS 30/50 popularly in use, and this is the way the banks want you to go. With APACS 40 there is no need to poll for the transactions, as these accompany the authorisation interaction. There is therefore no opportunity for large amounts of CCA information to accumulate at your premises, which keeps your risk level low. One problem resulting from this method, however, is that your accounts department may still need to know what money has gone from your terminals to your bank (previously available from APACS 50 polls). Another problem is that your estate would probably like an easy CCA summary for cashing-up at the end of the day. 1st Network's RetailerNet provides a solution for all of these aspects.
RetailerNet's PCI DSS compliant solution

Firstly, the main objective has been to cut down on the storage of data. Secondly, data that is sensitive and that could be used fraudulently is never held in full. Thirdly, no Internet pathway is used for credit card traffic. Lastly, no full transaction data is ever stored and forwarded; only transient data passes through 1st Network's centre to the bank.
RetailerNet's solution is therefore founded on security. But secure provision is also made to allow the Retailer to pull back enough partial information to carry on business as normal. Finally, because this incomplete information cannot be used fraudulently, it can be distributed to any department in the Retailer's organisation. The Retailer's operation can continue without fear of a security breach and with no consequent liability.
How might I use RetailerNet?

The most comprehensive method is for you to contract for 1st Network to install your managed IP network for you (using BT IPstream circuits). Here a managed intranet is established that does not utilise the Internet. Secure redundant intranet links are then directed to the 1st Network centre for the passing of real-time CCA data. Any network protocol conversion, additional encryption, etc. necessary for the APACS data passage to the bank is made at 1st Network's centre.
Another method is to utilise a VLAN connection on an existing IP network. The VLAN (as opposed to a VPN over a shared data path that has Internet exposure) is established at a more fundamental protocol level than IP. It avoids any security exposure to hacking, monitoring, etc. VLAN traffic can only go to the one location: 1st Network. Using this method, your estate of CCA/EPoS terminals can gain fast access to your bank for authorisation.
Finally, if you are already running an IP network with integrated CCA, you can direct your traffic to 1st Network. This may be achieved using either a link from the Retailer's own network or a link from 1st Network's network. Either way, a secure data path is provided for the passage of CCA data. As above, reporting is offered back to the Retailer without compromising the security obligations of PCI DSS.

1st Network has many major high street retail chains linked to it and has been 100% securely successful for over 5 years, guaranteeing you its reliability.