POS POV
The Retail Management Solutions Point-of-Sale Point-of-View

PCI Compliant - Are you at risk to lose Mastercard/Visa capability?

Posted by Chris Gage on Thu, Mar 21, 2013 @ 08:00 AM

rms pos pci security point-of-saleWe often get calls from customers asking “Am I PCI compliant?”  The only answer RMS or any technology provider can truly provide is,  “ We don’t know”.  PCI Compliance encompasses more than the solutions we provide.  Of course, our POS products meet the requirements of The Payment Application Data Security Standard (PA-DSS) which is the global security standard created by the Payment Card Industry Security Standards Council (PCI SSC), but there are many more requirements to PCI compliance that only you can control.  

Do you have a documented security policy and do your employees get refresher training on that policy annually? These two questions are part of the self assessment questionnaire (SAQ) you are required by your credit card processor to complete quarterly.


Do you require that each employee utilize a unique username and password for access to the POS or do you allow everyone to share a login? This is not only the best practice for ensuring accountability around any actions that occur in the system, but it is also one of the requirements for PCI compliance.


And now for the scary one.....


Do you store credit card information in an unprotected manner for the purpose of keeping a customer’s “card on file”? In an effort to provide better service, you may have chosen to document a customer’s credit card number and expiration date somewhere so that information can be used to tender future transactions. Often, this “somewhere” is a document on a computer, an open field in your pharmacy or POS system, or even on an index card in a box sitting on the counter.

If you answered yes to the last question, you may not be aware that RMS has an option that will allow you to eliminate this practice and remove the security risk it presents. A cloud service called Payware Connect* by Verifone integrates tightly into the RMS system to support a process referred to as tokenization. Payware Connect allows you to request an ID number (token) that represents the customer’s credit card. This token is then associated with the customer record in the POS system, allowing for transactions to be tendered to that token (credit card) without the card being present.  The benefit of using a service such as Payware Connect is that the credit card number is never present on your network and is only referenced by the token number that is saved in the RMS system. This token is unique to your merchant account, meaning that, even if stolen, it cannot be used anywhere else.

pci pharmacy point-of-sale securityUnfortunately, the road to PCI compliance is not easy nor is it a one time journey. It is often confusing, costly and can take up time that is already in short supply. The questions above represent the most common areas where we have seen businesses fail to meet the requirements, but they are also the easiest to correct. Take the time today to look at your processes and make those corrections. Only you can make your business PCI compliant.  

Let me hear from you - have you had issues with credit card risk and how have you dealt with it?

 

* Payware Connect is a subscription service offered by Verifone with the price per month varying based on your credit card processing volume.  For more information about tokenization and Payware Connect pricing, please contact RMS at 360-438-8276

 

Contact RMS for your pharmacy point-of-sale consultation today!

Topics: pharmacy, pharmacy point-of-sale, pharmacy technology, mobile pharmacy pos, PCI

Follow RMS Online!

Subscribe via Email

Latest Posts

Pharmacy POS Buyer's Checklist
Outpatient Pharmacy White Paper - 5 Must Have Features

"RMS' [pharmacy POS system] has increased our efficiency, which means less customer confusion and more time for other things. RMS employees are excellent, responsive, and quick – which makes us very satisfied. RMS has improved both our customer service and our business, every year.." – Jim Smith, Owner & Pharmacist, The Medicine Shoppe, Shelton, WA 

 

Retail Management Solutions is the industry leader in pharmacy point of sale technology for retail and outpatient pharmacies. having installed more pharmacy POS systems in the independent and outpatient pharmacies than any other company, RMS has become the industry standard. Whether you operate a single register pharmacy, 15 register superstore, or have multiple locations, we have a fit for you. You can count on us for prompt service in all 50 states, 24 hours a day, seven days a week. RMS is proud to be the only pharmacy POS provider in the nation that focuses strictly on the pharmacy market.