PASS (Payment Account Secure Storage) - Flash Transcript
Due to an alarming increase in cardholder data breaches, all businesses that accept credit cards must comply with the Payment Card Industry Data Security Standard (PCI DSS), a recent set of standards created by the major credit card companies. Failure to comply will result in heavy fines, restrictions or permanent expulsion of credit card acceptance programs.
Now a unique new technology, Payment Account Secure Storage, PASS, provides businesses to protect themselves from security breaches and easily comply with PCI DSS. The number one reason for both cardholder data security compromise and the failure to comply with PCI DSS is the inability of business to protect stored data.
In the last ten years, the number of credit cards in circulation has nearly doubled. Unfortunately, credit card fraud has increased just as rapidly. Banks that issue credit cards lost $1.14 billion to fraud in 2005. In 2006, this number has increased ten percent. The largest data security compromise was made public in 2007. A single major retailer, TJX, was found responsible for the loss of approximately 96 million credit and debit card numbers. This breach is estimated to cost TJX alone in excess of $1 billion in fines, law suits and cost to replace stolen credit cards.
According to VISA, smaller businesses are not immune. Combined, they account for ninety-nine percent of all businesses that accept credit cards. Likewise, they account for eighty-five percent of all security breaches.
Yet the highest cost of a data security compromise isn’t the fines, lawsuits or the cost of reissuing cards, it’s the loss of consumer confidence. A study from Javelin Strategy and Research recently found that seventy eight percent of consumers polled said they would stop shopping at a store that had suffered a data breach.
To date, putting all the necessary processes and procedures in place to avoid a security breach has been expensive and time consuming. Furthermore, businesses that must store sensitive data typically fall into one of the following four states: unaware of any risk, aware of risk but not sure what to do, lack the necessary resources to mitigate the risk, commit the necessary resources and carry the full burden of the risk. Regardless of the state, businesses now have the ability to completely eliminate the liability of storing sensitive data by removing the data altogether.
Payment Account Secure Storage, PASS, is a unique, new technology that allows businesses to offload the responsibility of storing sensitive data to a trusted PCI DSS compliant partner.
How Does it Work?
1. Business accepts cardholder data in usual manner.
2. Business securely transmits cardholder data to PCI DSS compliant storage facility.
3. A unique reference pointer is supplied by the storage facility for each record transmitted by the business.
4. Reference pointer is now stored at the place of business in place of cardholder data.
5. Future payment transactions are transmitted from the business with reference pointer in place of cardholder data.
By removing the sensitive data, PASS provides businesses the ability to easily comply with PCI DSS and entirely eliminates the risk of storing cardholder data.
To learn more about how PASS will help your business, please click here.