Wash Access Loyalty System (WALS)
|
PDQ Access CMS validated as PABP CompliantPDQ Manufacturing is dedicated to protecting wash operators. PDQ's Access Customer Management System (CMS) is now validated as being PABP (Payment Application Best Practices) compliant. This validation helps wash operators meet compliance with the Payment Card Industry Data Security Standard (PCI DSS) by minimizing the potential for security breaches and compromised credit card information. PABP encourages practices that protect stored data, tightens security access, and eliminates full magnetic stripe data retention. From VISA's website - "(Effective 07/01/08) VisaNet Processors (VNPs) and agents must only certify new payment applications to their platforms that are PABP-compliant."¹ This means that beginning July 1st, 2008 you may be unable to open a new merchant account and process credit cards at your car wash location if you are not using PABP compliant devices. As of the June 15, 2008 release, PDQ Manufacturing is the first car wash manufacturer to provide a high-speed PABP compliant payment application for your car wash. To view all compliant providers, please see the searchable List of Validated Payment Applications on the PCI Security Standards Council's website. For more information on PCI compliance and how/when it will affect you, please visit VISA's website, the PCI Security Standards Council's website, or contact your merchant service provider. PDQ is also making changes to the WALS Club Interface and will release a version of the Club Interface once all work on the application is complete.
Why PABP Compliance is Important
Being PABP compliant validates that a specific device adheres to the standards set forth by VISA's CISP (Cardholder Information Security Program) and that credit card information stored, transmitted or processed by those devices is done so in a secure fashion. Using PABP compliant devices at your location will assist you in becoming PCI certified by following the guidelines laid out by the PCI DSS. These standards help minimize the potential for security breaches and compromised credit card information, which you as the merchant are ultimately responsible for.
Self-Assessment Questionnaire
PDQ has created an Answer Guide for the Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C to help wash operators complete questionnaires. Part of the Access Customer Management System (CMS) operator manual is the PABP Implementation Guide, which should be reviewed for specifics on Access CMS payment application site installation.
Credit Card Security and the Access Unit
Beginning January 1 st, 2008, merchant acquirers began requiring level 4 merchants to adhere to a new payment security standard. Due to these security requirements, PDQ has changed the software in the Access S, B, and N Series to be compliant, which will affect the credit card payment processors that carwash operators (merchants) can use. In previous version of software, PDQ supported five payment processors domestically:
To be compliant, PDQ will only support direct connection to Concord EFSnet and Authorize.net payment processors. Those customers currently using Tsys, RBS Lynk, Alliance Data Systems, or FDR Omaha should consider speaking with their merchant acquirer (the CC processor) or service provider to determine if the acquirer supports the Concord or Authorize.net platforms. Carwash operators that move to the Concord EFSnet platform before the new PDQ software is installed should experience fewer "change over" issues during the installation. Through a new Authorize.net account , carwash operators will be able to process credit cards through the following payment processors:
Transaction fees may vary by the merchant acquirer selected. Carwash operators should contact several acquirers or service providers for competitive quotes. Please note that acquirers may not support all the payment processors listed above. DataTran processing will not be available going forward. Carwash operators using DataTran dial-up modems will be required to replace the DataTran modem with a dial up modem and obtain an ISP (Internet Service Provider) if it is not currently present on-site. The second option would be to update the ISP to a broadband connection and process transactions through a high speed connection. The following merchant acquirers can process credit cards currently using the Concord EFSnet platform and can create merchant accounts for Access CMS operators.
A PABP compliant software download is available to all current Access CMS customers. Please consult with your local distributor regarding this software or login to your account to download a copy.
Qualified Security Assessors
Qualified Security Assessors (QSA) are security consultants providing phone or on-site data security assessments for PCI DSS Compliance. PDQ recommends hiring a QSA if the merchant (wash operator) is unaware of the requirements and actions necessary to become PCI compliant. Businesses seeking assistance with becoming PCI compliant can contact a Qualified Security Assessor from a listing published on the www.pcisecuritystandards.org or www.visa.com/cisp websites. PDQ Manufacturing has completed Access CMS PABP validation with Payment Software Company (PSC), a qualified QSA. Merchants seeking a QSA are welcome to contact PSC to schedule a consultation.
|
Data Security Standard Self-Assessment Questionnaire