Articles tagged: security

What is PCI-DSS?

The Payment Card Industry Data Security Standards (PCI-DSS) are a set of requirements that you must follow to protect sensitive cardholder data.
Sensitive cardholder data is information from a payment card that an issuing bank can use to authorize a transaction.… Read More “What is PCI-DSS?”

What is TLS?

Transport Layer Security (TLS) is an encryption protocol that devices use to protect the data they send over a network. TLS helps to keep your data safe and protects it from attackers.

For example, when your POS device sends data to our gateway, your POS device uses TLS to encrypt the data.… Read More “What is TLS?”

What is P2PE?

Point-to-Point Encryption (P2PE) protects your customer’s payment data by encrypting it at the point of entry before you send it to your processor. The data can be unencrypted using only the processor’s secure key, so even if a fraudster steals the data they can’t use it.… Read More “What is P2PE?”

What is a contactless payment?

A contactless payment is a secure way for a customer to pay for goods and services by tapping their compatible card or mobile device on your payment terminal. The customer doesn’t need to insert or swipe their card and they don’t need to enter their PIN.… Read More “What is a contactless payment?”

Genius Smart P2PE™ Instruction Manual

If you are using the Genius Smart P2PE solution, you must install and maintain your Genius devices according to the instructions in the P2PE Instruction Manual (PIM).
If you have any questions about the Genius Smart P2PE solution, contact our Genius Support Team.… Read More “Genius Smart P2PE™ Instruction Manual”

Are contactless payments secure?

Yes, contactless payments are secure because they use the same encryption and security as EMV transactions.

How can I help keep sensitive cardholder data secure?

To help keep sensitive cardholder data secure, we recommend that you do the following:

Keep your software and applications up to date

Make sure you have the latest updates for any software or applications on your computer or POS system. For example, you need to keep the following up to date:

Antivirus software
Operating system
POS applications

Restrict access to sensitive cardholder data

You can restrict access to sensitive cardholder data and by doing the following:

Keep back-office equipment away from the front of your store.

What do I need to do to comply with PCI-DSS?

To comply with PCI-DSS requirements, you must do the following:

Use equipment and systems that comply with the PCI-DSS’s requirements for processing and storing sensitive cardholder data
Educate your employees about the best practices for working with cardholder data
Complete an annual self-assessment questionnaire (SAQ) or an on-site audit by an external assessor each year
Carry out software scans to discover potential flaws in your system

Best practices

You should also follow our best practices to help you secure your network, which include the following:

Do

Use only PCI-DSS approved PIN entry devices
Use a properly configured firewall on your network and computers
Use strong passwords and change the default passwords on hardware and software

Don’t

Share passwords with employees
Use passwords more than once
Use weak or insecure protocols for connecting to your access point
Connect to access points you don’t trust or haven’t set up yourself
Leave your POS devices unattended