The PCI Monkey on your back

Companies that transact commerce are expected to be fully PCI-DSS and/or PA-DSS compliant. Getting there can be extremely time consuming, expensive and challenging. From the perspective of a company that uses a proprietary software system with transaction or payment capability embedded into it, the PA-DSS process can appear extremely daunting. The simple solution would be to use a software-as-a-service payment platform for transaction processing. However, that takes a company back to the proverbial stone age, at least in relation to the many benefits it enjoys by having its own proprietary software manage its transactions and subsequent reporting.

PA-DSS is a council-managed program to assist software developers in creating secure payment applications that do not store prohibited credit card data. PCI-DSS is a set of security standards that all software must meet, no matter the developer or company, in order to process credit card transactions. More information on either can be found at the PCI Security Standards Council website:

There is no doubt that there are still software platforms conducting commerce and originating transactions that are not PCI compliant. There is also no doubt that some companies who have enabled their software for payment processing are not even aware that the software needs to be PA-DSS compliant.

One doesn't need to look far to understand the risks of going down this road. It just isn't worth the risk. The potential fines and legal fees could literally wipe out many companies. And if that doesn't do them in, the damage to their loyal customers will pave a road for those customers to jump ship to safer and more secure pastures. What some companies don't know, or have yet to explore, is exactly how easy it can be to keep using their own proprietary software and still be completely PA-DSS compliant.

The answer lies in shifting the PCI-DSS burden to a PCI-DSS compliant payment processor that has the utilities and technology to easily bring the merchant company's software into full compliance. Top tier processing companies have developed communication and data storage methods that do just that. Sensitive card data being resident on the merchant company's software and computers no longer needs to be a risk the merchant carries. In fact, no card data is stored at all on the merchant's system.
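As an added illustration of the arrangement described above (example code, not from the original post and not any processor's real API): the merchant application hands the card number to a hypothetical processor-side tokenization service, keeps only the opaque token and the last four digits, and runs a check over its own stored records to confirm that no full card number has leaked into storage. The processor functions, the record layout and the sample card number are all constructed for the example.

```python
import re
import secrets
import string
from dataclasses import dataclass

# --- Hypothetical processor side -------------------------------------------
# Stands in for the compliant processor's tokenization service. The card
# number (PAN) is kept only here, in the processor's vault, never at the merchant.
_PROCESSOR_VAULT: dict[str, str] = {}

def processor_tokenize(pan: str) -> str:
    """Exchange a PAN for an opaque token (letters only, so it can never
    be mistaken for a card number by the scan below)."""
    token = "tok_" + "".join(secrets.choice(string.ascii_letters) for _ in range(24))
    _PROCESSOR_VAULT[token] = pan
    return token

def processor_charge(token: str, cents: int) -> bool:
    """Charge against a token; the merchant never needs the PAN again."""
    return token in _PROCESSOR_VAULT and cents > 0

# --- Merchant side ---------------------------------------------------------
@dataclass
class MerchantRecord:
    order_id: str
    token: str   # processor token, safe to store
    last4: str   # truncated reference for receipts and reconciliation
    cents: int

def merchant_checkout(db: list, order_id: str, pan: str, cents: int) -> MerchantRecord:
    """Tokenize first, charge by token, then persist only non-sensitive fields."""
    token = processor_tokenize(pan)
    if not processor_charge(token, cents):
        raise RuntimeError("charge declined")
    rec = MerchantRecord(order_id, token, pan[-4:], cents)
    db.append(rec)
    return rec

def luhn_ok(digits: str) -> bool:
    """Standard Luhn mod-10 check used to tell card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def find_stored_pans(records) -> list[str]:
    """Defensive check: scan every stored field for 13-19 digit Luhn-valid runs.
    An empty result is what a 'no card data stored' claim should look like."""
    hits = []
    for rec in records:
        for value in vars(rec).values():
            for m in re.finditer(r"\d{13,19}", str(value)):
                if luhn_ok(m.group()):
                    hits.append(f"{rec.order_id}:{m.group()}")
    return hits

if __name__ == "__main__":
    db: list[MerchantRecord] = []
    # Constructed sample: a well-known Visa test number, not a real card.
    rec = merchant_checkout(db, "order-1001", "4111111111111111", 2599)
    print(rec)                       # token + last4 only
    print(find_stored_pans(db))      # [] -> no PAN in merchant storage
```

The scan is the part worth keeping around: run it over exports of the merchant database, log files and crash dumps, because a system that tokenizes at checkout can still leak a full card number through an over-eager debug log.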

Companies that develop proprietary software for specific industry niches face the constant task of enhancing their software offering and creating value-add propositions for their client base. Integrating payment processing is a natural fit, as there are so many benefits their clients can realize. A single point of data entry, submission, reporting and reconciliation is a powerful selling point for the software platform. Still, the developing companies face the same PA-DSS challenges. The risks are the same, as are the compliance issues. However, overcoming this challenge can not only lead to a happy and satisfied client base, it can also lead to an additional recurring stream of revenue, and without sacrificing competitive transaction processing rates.

About Gene

Gene is a 24-year veteran of the electronic payments industry and has consulted with countless companies of all sizes. He has overseen large underwriting portfolios, directed IT staff, and currently serves as Director of Business Development. Gene has appeared before the U.S. Congress to provide expert opinions on developing technology and transaction risks, and on solutions for the payroll industry. You can find him on LinkedIn.
