laTeST - Music & Sound Retailer

It’s in the cards
(continued from cover)
tion. However, there are so many
retailers in the United States that
it would be difficult—although
certainly not impossible—to be
fined for a failure to be PCI compliant
unless you had a security
breach.
The payment card industry
was formed jointly by Visa,
MasterCard, American Express
and Discover to reduce dramatically
the possibility of security
breaches. To get the entire scoop,
we spoke to Jason Wagner, senior
national account manager for
Omaha, Neb.-based First National
Merchant Solutions, NAMM’s
recommended vendor. One of
the processor’s roles has been to
work with vendors to make sure
they are PCI compliant before the
July 1 deadline.
Let’s start with the most
important question. What is PCI
compliance and why should you
care about it? “The goal is to
make sure merchants are not improperly
storing any data so that,
if there were a security breach,
nobody’s card numbers would be
compromised,” said Wagner.
First National Merchant
Solutions currently is making
sure merchants are in tune with
the 12 PCI requirements. “The
validation has to be completed
by a qualified security assessor
(QSA), though,” said Wagner.
“So, at First National Merchant
Solutions, we combined forces
with a company named Trustwave,
which is a certified QSA.
First National Merchant Solutions
makes sure merchants
comply with PCI standards, but
also provides ongoing training as
requirements may change.”
For more on First National
Merchant Solutions, visit www.
fnms.com.
Wagner added there are four
levels of PCI compliance: Levels
1 through 4. Level 1 merchants
have more than 6 million credit
card transactions per year. Level
2 merchants have between 1
million and 6 million credit card
transactions per year. Level 3
refers to those with 20,000 to 1
million transactions, and Level
4 refers to those processing less
than 1 million transactions or less
than 20,000 e-commerce transactions
per year.
Being PCI compliant is intended
to ensure breaches cannot
occur from either the outside
and internally—meaning your
employees.
All four levels must become
PCI compliant. To become PCI
compliant, you must follow all of
these 12 steps:
1. Install and maintain a firewall
configuration to protect data.
2. Do not use vendor-supplied
defaults for system passwords and
other security parameters.
3. Protect stored data.
4. Encrypt transmission of
cardholder data and sensitive information
across public networks.
5. Use and regularly update
anti-virus software.
6. Develop and maintain
secure systems and applications.
7. Restrict access to data by
business need-to-know.
8. Assign a unique ID to each
person with computer access.
9. Restrict physical access to
cardholder data.
10. Track and monitor all
access to network resources and
cardholder data.
11. Regularly test security
systems and processes.
12. Maintain a policy that addresses
information security.
For more on this topic, visit
www.visa.com/cisp.
We also looked into another
aspect of PCI compliance. Merchant
Link, which is involved in
credit card tokenization. What is
tokenization? Merchant Link’s
Dan Lane and Tim Kinsella
will fill us in. “Merchants have
to trust vendors like Visa and
MasterCard to make sure money
gets into their accounts,” said
Kinsella. “Many times, that
works. But sometimes, it doesn’t.
What do you do then? Merchant
Link provides an answer. We
offer a gateway between a store’s
credit system and the banks to
make sure transactions go to the
right place and are tracked. It’s
become much easier for bad guys
to steal credit card data and turn
it into money for themselves.
As that risk accelerated, card
associations created Payment
Card Industry (PCI) compliance,
which is a requirement to protect
personal data. We saw an opportunity
to create a technology to
help merchants.”
“Credit card companies expect
you, the merchant, to protect that
data,” added Lane. “Our product
is called tokenization. It does that
for merchants. You know how difficult
it is just to protect information
on your home computer. It
gets much more complex on the
merchant level. It can be very
challenging. Even for small merchants.
Since broadband [Internet
service] became widely avail-
CD-ROM Book & DVD
able, bad guys immediately took
advantage of that and hacked into
merchant security systems more
easily.”
Merchant Link said the average
cost of using its service is
two to three cents per transaction.
For more, visit www.
merchantlink.com.
THE ULTIMATE
MULTIMEDIA INSTRUCTOR
Over 30 titles available in three formats for Guitar, Bass, & Keyboard!
Contact your sales rep for exclusive buy-in opportunities!
USA/Canada
Phone: (800) 292-6122
Fax: (800) 632-1928
International
Phone: +1 (818) 891-5999
Fax: +1 (818) 893-5560
DVD
Online
Web: alfred.com/dealer
E-mail: sales@alfred.com
Coming in the May Issue of
the Music & Sound Retailer:
• Pro Audio Update
• Summer NAMM Preview
• Five Minutes With: Ron Manus, CEO Alfred Publishing
• Formidable Females: Mary Ann Giorgio,
MXL Microphones
• MI Spy Visits Sin City: Las Vegas
• The second edition of Appraisal Scene Investigation
And Much, Much More!