You may be wondering, “Is my credit card terminal compliant?” Compliance referring to the Payment Card Industry (PCI) standards. The short answer is “probably”. An area of focus within PCI Compliance is PIN (Personal Identification Number) entry devices and their encrypted security from the point of sale through the approval process.
From Visa, “To ensure the highest possible PIN security standards in the electronic payments industry, in 2005, Visa announced a global mandate for Triple Data Encryption Standard (TDES) usage and established July 1, 2010, as the date for global compliance. This mandate requires that all cardholder PINs be TDES protected from the point of transaction to the issuer.”
While there are older models of external PIN pads that are or will not be compliant, those are easy to deal with. They are cost effective to swap out. It is the credit card terminal that uses its internal PIN pad that is more of a challenge. The internal PIN pad will need to be deactivated and an external PIN added, where the terminal’s PIN pad is deemed not compliant.
Let’s say you have a Verifone 3750. It’s a great credit card terminal. You should get many years of work from this product. But this terminal’s internal PIN pad is not going to be compliant come July 1, 2010. The most cost effective measure is to add an external PIN pad to the device, such as the PP1000SE, which is compliant (as seen here on Visa’s website). Hopefully, your processor is going to know the hardware you have at your merchant location. However, should they not reach out to you, here’s what you can expect.
A PIN pad is encrypted for the processing platform you are on. Examples of platforms are Paymentech, First Data and Heartland. If you need a new PIN pad and your processor is going to charge you for it, then this is a great time to shop your merchant services rates. If you are going to pay for a PIN pad, then move to cost effective processor.
A PIN pad retails for approximately $129, including encryption. That is far less that replacing your Verifone 3750 with its new brother the VX 570 that has a compliant internal PIN pad. Be wary of eBay or flea markets looking to save a few dollars. Encrypted devices should only be purchased through reliable and trusted merchant services companies. PIN pads have been tampered with to allow skimming. If that occurs from your flea market PIN pad or terminal, you the merchant will be liable for the losses.
How do you know if your PIN pad or terminal will be out of compliance? Give us a call and we’ll look it up for you. Or do it yourself at the Payment Card Industry’s Security Standards website.
At Merchant Services Inc, we will provide you with a free, encrypted, compliant, external PIN pad. Call us today at 877.577.3779 or fill in the simple contact form below.