PCI DSS Compliant

Haven Systems EPOS software has an optional interface that provides integrated card payment processing using the very latest Commidea Ocius for PC's solution.

Commidea Ltd is the UK's leading developer and provider of credit card processing systems and services. It is always looking at ways to promote security and is PCI compliant.

Why PCI DSS Compliance is important to your business

In the light of the following challenges, it is now more important than ever that you ensure and maintain tighter security around operations and the storing and transmitting of credit and debit card data.

  • Fraud losses
  • Harm to your business
  • Card re-issuance costs (costs passed to the merchant)
  • Card holder inconvenience
  • Loss of consumer confidence
  • Adverse publicity - brand and reputation damage
  • Legislative interest - Threat of Governmental Regulation

Trustwave's TrustKeeper®

TrustKeeper® is an integrated web-based solution. As a policy compliance tool, TrustKeeper®'s automated vulnerability scanning engine will enable you to validate your compliance with the data security programmes of all the major card associations.

  • Compliance questionnaires: Collect information on your security policies and habits to determine if your business is following generally accepted security standards and specific card association requirements.
  • Vulnerability scanning engine: Gathers network information that allows targeted, real-time email security alerts, which will warn you of vulnerabilities. The TrustKeeper® solution examines your networks for a wide variety of configuration problems, technical verification of policy compliance and specific security vulnerabilities.

Frequently asked questions

Q: Am I required to be compliant?

A: Yes. Compliance is required of all merchants and service providers that store, process or transmit cardholder data. The requirements apply to all payment channels, including retail (brick and mortar), mail / telephone order and e-commerce. Specific requirements vary depending on the actual number of transactions processed. The TrustKeeper® program provides the necessary tools to achieve, maintain and validate compliance.

Q: What is the PCI DSS self-assessment questionnaire?

A: The PCI DSS self-assessment questionnaire (called SAQ) is a list of questions used to assess your compliance with the requirements of the PCI DSS. In February 2008, the PCI DSS security standards council released four versions of the questionnaire to account for different merchant environments.

SAQ A: Addresses requirements applicable to merchants who have outsourced all cardholder data storage, processing and transmission.

SAQ B: Created to address the requirements pertinent to merchants who process cardholder data via imprint machines or standalone dial-up terminals only.

SAQ C: Constructed to focus on requirements applicable to merchants whose payment application systems are connected to the internet.

SAQ D: Designed to address requirements relevant to all service providers defined by a payment brand as eligible to complete a SAQ, and those merchants who do not fall under the types addressed by SAQ A, B & C.
