laTeST - Music & Sound Retailer
laTeST - Music & Sound Retailer
laTeST - Music & Sound Retailer
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
It’s in the cards<br />
(continued from cover)<br />
tion. However, there are so many<br />
retailers in the United States that<br />
it would be difficult—although<br />
certainly not impossible—to be<br />
fined for a failure to be PCI compliant<br />
unless you had a security<br />
breach.<br />
The payment card industry<br />
was formed jointly by Visa,<br />
MasterCard, American Express<br />
and Discover to reduce dramatically<br />
the possibility of security<br />
breaches. To get the entire scoop,<br />
we spoke to Jason Wagner, senior<br />
national account manager for<br />
Omaha, Neb.-based First National<br />
Merchant Solutions, NAMM’s<br />
recommended vendor. One of<br />
the processor’s roles has been to<br />
work with vendors to make sure<br />
they are PCI compliant before the<br />
July 1 deadline.<br />
Let’s start with the most<br />
important question. What is PCI<br />
compliance and why should you<br />
care about it? “The goal is to<br />
make sure merchants are not improperly<br />
storing any data so that,<br />
if there were a security breach,<br />
nobody’s card numbers would be<br />
compromised,” said Wagner.<br />
First National Merchant<br />
Solutions currently is making<br />
sure merchants are in tune with<br />
the 12 PCI requirements. “The<br />
validation has to be completed<br />
by a qualified security assessor<br />
(QSA), though,” said Wagner.<br />
“So, at First National Merchant<br />
Solutions, we combined forces<br />
with a company named Trustwave,<br />
which is a certified QSA.<br />
First National Merchant Solutions<br />
makes sure merchants<br />
comply with PCI standards, but<br />
also provides ongoing training as<br />
requirements may change.”<br />
For more on First National<br />
Merchant Solutions, visit www.<br />
fnms.com.<br />
Wagner added there are four<br />
levels of PCI compliance: Levels<br />
1 through 4. Level 1 merchants<br />
have more than 6 million credit<br />
card transactions per year. Level<br />
2 merchants have between 1<br />
million and 6 million credit card<br />
transactions per year. Level 3<br />
refers to those with 20,000 to 1<br />
million transactions, and Level<br />
4 refers to those processing less<br />
than 1 million transactions or less<br />
than 20,000 e-commerce transactions<br />
per year.<br />
Being PCI compliant is intended<br />
to ensure breaches cannot<br />
occur from either the outside<br />
and internally—meaning your<br />
employees.<br />
All four levels must become<br />
PCI compliant. To become PCI<br />
compliant, you must follow all of<br />
these 12 steps:<br />
1. Install and maintain a firewall<br />
configuration to protect data.<br />
2. Do not use vendor-supplied<br />
defaults for system passwords and<br />
other security parameters.<br />
3. Protect stored data.<br />
4. Encrypt transmission of<br />
cardholder data and sensitive information<br />
across public networks.<br />
5. Use and regularly update<br />
anti-virus software.<br />
6. Develop and maintain<br />
secure systems and applications.<br />
7. Restrict access to data by<br />
business need-to-know.<br />
8. Assign a unique ID to each<br />
person with computer access.<br />
9. Restrict physical access to<br />
cardholder data.<br />
10. Track and monitor all<br />
access to network resources and<br />
cardholder data.<br />
11. Regularly test security<br />
systems and processes.<br />
12. Maintain a policy that addresses<br />
information security.<br />
For more on this topic, visit<br />
www.visa.com/cisp.<br />
We also looked into another<br />
aspect of PCI compliance. Merchant<br />
Link, which is involved in<br />
credit card tokenization. What is<br />
tokenization? Merchant Link’s<br />
Dan Lane and Tim Kinsella<br />
will fill us in. “Merchants have<br />
to trust vendors like Visa and<br />
MasterCard to make sure money<br />
gets into their accounts,” said<br />
Kinsella. “Many times, that<br />
works. But sometimes, it doesn’t.<br />
What do you do then? Merchant<br />
Link provides an answer. We<br />
offer a gateway between a store’s<br />
credit system and the banks to<br />
make sure transactions go to the<br />
right place and are tracked. It’s<br />
become much easier for bad guys<br />
to steal credit card data and turn<br />
it into money for themselves.<br />
As that risk accelerated, card<br />
associations created Payment<br />
Card Industry (PCI) compliance,<br />
which is a requirement to protect<br />
personal data. We saw an opportunity<br />
to create a technology to<br />
help merchants.”<br />
“Credit card companies expect<br />
you, the merchant, to protect that<br />
data,” added Lane. “Our product<br />
is called tokenization. It does that<br />
for merchants. You know how difficult<br />
it is just to protect information<br />
on your home computer. It<br />
gets much more complex on the<br />
merchant level. It can be very<br />
challenging. Even for small merchants.<br />
Since broadband [Internet<br />
service] became widely avail-<br />
CD-ROM Book & DVD<br />
able, bad guys immediately took<br />
advantage of that and hacked into<br />
merchant security systems more<br />
easily.”<br />
Merchant Link said the average<br />
cost of using its service is<br />
two to three cents per transaction.<br />
For more, visit www.<br />
merchantlink.com.<br />
THE ULTIMATE<br />
MULTIMEDIA INSTRUCTOR<br />
Over 30 titles available in three formats for Guitar, Bass, & Keyboard!<br />
Contact your sales rep for exclusive buy-in opportunities!<br />
USA/Canada<br />
Phone: (800) 292-6122<br />
Fax: (800) 632-1928<br />
International<br />
Phone: +1 (818) 891-5999<br />
Fax: +1 (818) 893-5560<br />
DVD<br />
Online<br />
Web: alfred.com/dealer<br />
E-mail: sales@alfred.com<br />
Coming in the May Issue of<br />
the <strong>Music</strong> & <strong>Sound</strong> <strong>Retailer</strong>:<br />
• Pro Audio Update<br />
• Summer NAMM Preview<br />
• Five Minutes With: Ron Manus, CEO Alfred Publishing<br />
• Formidable Females: Mary Ann Giorgio,<br />
MXL Microphones<br />
• MI Spy Visits Sin City: Las Vegas<br />
• The second edition of Appraisal Scene Investigation<br />
And Much, Much More!