Accelerated Shoulders the PCI Compliance Burden
Accelerated's middleware is a Payment Application Data Security Standard (PA-DSS)-validated processing solution that completely eliminates the security concerns of managing cardholder data. This provides considerable benefit to our partners, application developers and merchants.
For merchants, choosing a processing solution that incorporates Accelerated greatly reduces the burden of PCI compliance. All cardholder data is stored by Accelerated on our secure gateway servers, so no sensitive cardholder data resides on merchant systems. Beyond reducing a merchant's vulnerability to PCI compliance issues, this lets merchants qualify for a streamlined Self-Assessment Questionnaire, reducing the number of questions by over 80%.
Partners can confidently integrate Accelerated into their POS software and merchant processing offerings, knowing that they have significantly reduced the complexity of the PCI compliance process for their merchants.
How Do You Put A Value On Peace of Mind?
Accelerated provides significant peace of mind to independent software vendors (ISVs) and value-added resellers (VARs). By partnering with Accelerated, these partners can avoid becoming a "payment application" and sidestep the attendant costs, risk, and overhead of managing PA-DSS. This means developers can save the time and expense of validating their applications for PA-DSS, saving an average of $10,000 and the weeks or months spent waiting to complete a required assessment. Fines assessed by the card associations and passed along to the merchant can be exorbitant for each compromise event, which is defined as a breach of payment card data. A compromise event could trigger a forensic audit, resulting in additional costs to the merchant beginning at an estimated $15,000.
How Does Accelerated Do It?
Accelerated utilizes the industry's finest technologies to drive the security features of our applications. All data is protected through end-to-end encryption: at the time of the POS sale, during communication, and while stored at our gateway. We employ tokenization (random numbers that represent specific cardholder data) within Accelerated to add functionality while increasing security. Finally, based on segmentation, our solutions take developer applications out of scope for PA-DSS by eliminating the need to store, process, transmit, or handle cardholder data in any way.
Accelerated Payment Technologies allows partners to outsource elements of PA-DSS compliance. We manage the security of the payment process in such a way as to completely eliminate the need for a partner application to handle payment data. By removing the need to become a "payment application", Accelerated can completely remove partner applications from the scope of PCI DSS assessments, avoiding the need to undergo costly application development and PA-DSS compliance assessments.
XCharge Security Bulletin
Accelerated Payment Technologies™, the home of XCharge®, is issuing a special security bulletin regarding your XCharge software. Please take a moment to verify that you have properly configured the security settings within XCharge that are crucial to securing your system.
- Is your "Enable User Security" box checked?
- Are all of your XCharge computers behind a firewall?
- Did you change the default system username and password?
XCharge Security Settings
What is PCI compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.
Who needs to comply with the PCI requirements?
PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accept, transmit or store any cardholder data. Said another way, if any customer of that organization ever pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply.
Where can I find the PCI Data Security Standards (PCI DSS)?
The Standard can be found on the PCI Security Standards Council's website.
You can also get more information about risk management on VISA's website.
What are the penalties for noncompliance?
The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine on downstream until it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can be catastrophic to a small business.