What is CISP Compliance?
In June 2001, Visa initiated the Cardholder Information Security Program (CISP) to define and promote credit card security standards that reduce the risks and costs associated with credit card fraud. In December 2004, Visa in collaboration with MasterCard and with the endorsement of Discover and American Express published version 1.0 of the Payment Card Industry (PCI) Data Security Standard. PCI outlines a set of guidelines that merchants must follow in order to be considered PCI-DSS-compliant.
These guidelines stipulate, among other requirements, that credit card numbers must be masked on printed receipts and that full card numbers may not be retained on non-secured computer systems. PCI-DSS compliance is essential to ensure that sensitive credit card information is secure and that you are protected from any liability that could arise from the fraudulent use of cardholder data obtained from your computer systems.
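As an added illustration of the two rules just named (masking on receipts and not retaining full card numbers), and not code from the original article or from CounterPoint: a masking routine for printed receipts and a check that scans receipt or log lines for full, unmasked card numbers. The sample lines are constructed and use a publicly known test card number.

```python
import re

# Constructed sample: lines a point-of-sale system might write to a receipt
# or a log file. The card number is a well-known test PAN, not a real card.
SAMPLE_LINES = [
    "2024-05-01 12:03:11 SALE 42.17 VISA 4111111111111111 AUTH OK",
    "2024-05-01 12:04:55 SALE 9.99 VISA ************1111 AUTH OK",
    "Order #123456789 shipped to ZIP 98101",
]

def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check used by card brands."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask_pan(pan: str, keep_last: int = 4) -> str:
    """Mask a PAN for printing, keeping only the last four digits."""
    digits = re.sub(r"\D", "", pan)
    if len(digits) < 13 or len(digits) > 19:
        raise ValueError("not a plausible PAN length")
    return "*" * (len(digits) - keep_last) + digits[-keep_last:]

# 13 to 19 digits, optionally separated by spaces or dashes, not inside a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def find_unmasked_pans(lines):
    """Return (line_no, masked_pan) for each line holding a Luhn-valid 13-19 digit PAN.
    Only the masked form is returned so the check itself does not leak the PAN."""
    hits = []
    for n, line in enumerate(lines, 1):
        for m in PAN_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group(0))
            if luhn_valid(digits):
                hits.append((n, mask_pan(digits)))
    return hits

if __name__ == "__main__":
    for n, masked in find_unmasked_pans(SAMPLE_LINES):
        print(f"line {n}: unmasked card number found ({masked})")
```

Luhn-valid digit runs are a heuristic and can match other numbers, so review hits before treating them as retained cardholder data.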
CounterPoint Version 7.5 has been compliant since the early introduction of the standards. In April 2006, Visa also certified CounterPoint SQL to be compliant with CISP and Payment Application Best Practices (PABP) standards. CounterPoint is listed on Visa’s website (www.visa.com/cisp) as a Validated Payment Application.
The CounterPoint help includes topics to guide merchants in setting up fully PCI-DSS compliant systems, including advice for adhering to requirements that are not related directly to CounterPoint.
CPGateway also meets all PCI-DSS compliance standards. Radiant is named on Visa’s website (www.visa.com/cisp) as a PCI DSS-Compliant Service Provider for CPGateway.
Configuring CounterPoint properly is only part of an overall PCI-DSS compliance strategy. Attaining PCI-DSS compliance requires you to evaluate your business practices to make certain that you have the appropriate policies in place and that your staff is vigilant to the risks of credit card fraud.
To ensure that you are following all published guidelines regarding PCI-DSS compliance, download and review the PCI Data Security Standard from www.visa.com/cisp.
If you are not taking the necessary steps to adhere to the requirements outlined in the PCI Data Security Standard, your business is open to dangerous and potentially expensive liability.
While CCS Retail Systems, Inc. and Radiant can assist you in configuring CounterPoint SQL to be PCI-DSS compliant, neither can function as an independent auditor or adviser regarding your general CISP compliance. Refer to www.counterpointpos.com/cisp for additional information about PCI-DSS compliance.
What happens if I fail to adhere to these new Credit Card security standards?
Based on the terms of your Business Merchant agreement, the Credit Card Companies reserve the right to do any or all of the following in cases where a business is deemed not to be in compliance:
1. Compliance Failure Fines.
If a member, merchant or service provider does not comply with the security requirements or fails to rectify a detected security issue, Credit Card Companies may fine the responsible member. Fines may be waived in the event of a data compromise if there is no evidence of non-compliance with PCI DSS and Credit Card Company rules. To prevent fines, a member, merchant, or service provider must maintain full compliance at all times, including at the time of breach as demonstrated during a forensic investigation. Additionally, a member must demonstrate that prior to the compromise the compromised entity had already met the compliance validation requirements, demonstrating full compliance.
I have heard of several incidents in which major retailers have been fined in excess of $100,000.00 because of non-compliance issues.
2. Randomly Scheduled Forced Compliance Audits.
If you fail a compliance audit, you may be picked for future random compliance audits, at a greater frequency than normal, for which your company will be financially responsible. This could amount to many thousands of dollars annually in additional costs. This process can also be disruptive to your normal business flow.
3. Termination of your Merchant Agreement.
Although this may seem a somewhat extreme approach, it is one tool that the banks and credit card companies can hold over your head to enforce compliance.
I also know of one issue where a major credit card service provider’s agreement was abruptly canceled because of both continued non-compliance and multiple serious security breaches. This left a large number of small retail and on-line merchants scrambling to find other sources for credit and debit card processing.
The above items are good reasons to make sure that both your CCS (CounterPoint Subscription Service) and your CounterPoint software are current.
If you are unsure if your system meets the new compliance standards, please contact CCS Retail Systems to schedule a review.