Understanding the basics behind point of sale (POS) compliance can be something of a chore, but it is key to making sure you select the right POS system for your business. A good point of sale system can be way more than just a cash register and a payment terminal. Indeed, a terrific POS can help you with inventory management, referral programs, rewards programs, and other elements of customer relationship management. However, without substantial compliance, your POS can be something you never want it to be: a liability.
In this article, we are going to look at three elements of POS compliance and how they can help to keep your customers safe. These elements are PCI, PAYware Connect, and EMV.
The Basics of Point of Sale Compliance: PCI, EMV, and PAYware Connect
Let’s start with PCI compliance. Finding a point of sale system that is PCI compliant should your top priority, as PCI compliance is the key form of compliance for all merchants who accept credit card payments. When someone talks about PCI compliance, they are referring to the PCI DSS, or the “Payment Card Industry Data Security Standard.” The PCI DSS is the regulatory standard for all point of sale systems—not just in the United States, but around the world.
To be PCI compliant, a merchant must have various safeguards in place to protect customers and their credit card information. The DSS standard includes requirements for data encryption, anti-malware and virus protection, firewall, and well-outlined security policies. The main idea of the PCI DSS is to keep the cardholder’s data as secure as possible. As such, to be PCI compliant, a business must protect credit card data from threats that are both external (hackers, viruses, etc.) and internal (employees).
The good news about PCI compliance is that the internet has a lot of resources written to help businesses understand the PCI DSS and how it relates to their point of sale systems. The bad news is that no shortcut will automatically get you to compliance. Buying the right POS and using a reputable web host for your ecommerce site are two steps in the right direction toward compliance. Good point of sale systems and web hosts will be compliant with all applicable PCI requirements. However, the way that your business handles certain other things—like the security of your network, or whether or not you store your customers’ credit card information—can also impact your compliance.
This is where PAYware Connect might enter into the conversation. Unlike PCI DSS, PAYware Connect isn’t something that every single merchant will need to understand. PAYware Connect is a cloud-based solution provided by Verifone, which is one of the most well-known POS companies in the world. However, by using the PAYware Connect cloud service, businesses can attach their customers’ payment card information to "tokens," which can then be used to tender transactions. The tokens provide the convenience of "having a credit card on file" for a customer without actually requiring the merchant to store credit card information on a potentially vulnerable server. To learn more about how this process works, check out this payware connect blog post.
EMV: The Elephant in the Room
Currently, EMV is dominating the conversations about card payment technology and point of sale systems. EMV stands for “Europay Mastercard Visa,” but these days, most articles referencing it are referring to the EMV liability shift. Many cards today are making the switch to EMV chip technology, where payments are transmitted from a microchip inside the card instead of by the magnetic strip.
These chip-enabled cards allow for safer and more secure transactions, but older POS systems are not all equipped to accept chip payments. In October 2015, there was a “liability shift” in regards to this technology. Before the shift, merchants not using EMV chip technology in their POS systems would not be held liable if customer credit card information was stolen. The liability instead always fell with the credit card companies.
Post-shift, if credit card details are stolen and the merchant has not updated their POS to read EMV chips, they will be held liable for the theft and any fraud that follows. As a result, finding a point of sale system that’s ready to read EMV chips should be a top priority for any and all merchants—new and old.