PCI Compliance

Any merchant that accepts payment cards, is encouraged to comply with the PCI Data Security Standard. This system has the framework and capabilities in place for data security. The process includes: prevention, detection and appropriate reaction to security incidents.

All merchants accepting payment cards are responsible for protecting cardholder data at the start of the transaction to the end. This includes the payment device at the point-of-sale, and as it flows into the payment system. The highest security you can provide your customers is by not storing any cardholder data. If it is a must to have card data on record do so, behind lock and key with limited authorized users. The idea behind this system is stay compliant and keep all of your patron indemnities protected.

PLEASE LOG-IN TO THE FOLLOWING WEBSITES TO BECOME PCI COMPLIANT BY COMPLETING PCI Self-Assessment Questionnaire (SAQ):

FIRST DATA CUSTOMERS

ELAVON CUSTOMERS

TOKENIZATION

After processing an electronic payment card transaction, the data is sent to our global processing partners (First Date & Elavon) who authorizes the transaction. After authorization the return a token, which replaces important consumer data with a value that cannot be “decrypted”? to expose this data. Tokens can be generated in various formats, one of which is a format-preserving token (FPT) that matches formatting characteristics of a cardholder’s account number (i.e. 15-digit token for AMEX, 16-digit for Visa, MC, and Discover). The original account information that is associated with the token is stored in First Data or Elavon’s system where it is safe from would-be hackers.

TOKENIZATION TIMELINE

  1. CONSUMER DATA ON CARD
  2. TRANSACTION OCCURS THROUGH ENCRYPTED PAYMENT DEVICE
  3. AUTHORIZATION NETWORK GATEWAYS TRANSMITS DATA
  4. AUTHORIZATION PROCESSES (TOKEN GENERATED PROTECTING CUSTOMERS INFORMATION)
  5. AUTHORIZATION AND TOKEN RETURNED TO MERCHANT TO PROCESS TRNSACTION (CONSUMER INFORMATION STORED IN A SECURE ENCRYPTED DATE BASE)