|
personal information. None of this information is ever at risk. The VUWI does not store credit card or bank account information on either the phone or on the VUWI. The VUWI never transmits credit card or bank account information to the retailer or merchant. It only transmits the amount authorized and the credit card or bank's approval code. In addition, the VUWI always stores a copy of the consumer’s receipt on their phone and on their myvuwi.com account. When using the VUWI to accept credit and debit card payments, you are assured of a safe and secure purchase process, always providing you and your customers with complete peace of mind.
Remember, with an NFC-enabled phone, the thief simply has to "Tap & Go", no pin or other security features prevent the thief from charging to a credit card or bank account. With the VUWI, a pin is required and the consumer can set limits as to the type of purchases and/or to the maximum amount of any purchase. This means less liability for you as a retailer or merchant.
The Secure VUWI swipe option
In addition, if the VUWI model you have selected has an optional credit card swipe you will find that it is the most advanced swiping technology available today. The Secure VUWI swipe option is equipped with a MagneSafe™ IntelliHead. The Magtek® MagneSafe™ IntelliHead is the industry's first magnetic sensing, media validating, counterfeit resistant security module. It is more than just a magnetic read head. It delivers unmatched protection from the inside by capturing more robust magnetic information for next generation security solutions. This heavy-duty pre-aligned reader/authenticator has all of its processing power and communication circuitry located within the mounted authentication sensor. As a result, the MagneSafe IntelliHead sets new standards for enhanced security with excellent environmental resistance. Furthermore, the VUWI uses the MagneSafe Card and Data Authentication encryption as a preventative measure that protects cardholder data at rest and in transit at various points through the payment infrastructure. Then the VUWI ads its own SSL encryption layer as it sends the credit card data to its servers. The credit card data is never transmitted to the cash register or other attached device so the merchant never has access to the consumer’s credit card information. This multi-layer security of MagneSafe and the VUWI SSL layer provides unmatched protection to both cardholders and VUWI B2B partners.
The Secure VUWI Servers
Your credit card information is stored on Coin Free's PCI-DSS compliant servers. Payment Card Industry Data Securitty Standard or PCI DSS, is a set of comprehensive requirements for enhancing payment account data security, which was developed by the founding payment brands of the PCI Security Standards Council, including: American Express, Discover Financial Services, JCB International, MasterCard Worldwide Inc., Visa Inc., and International, to help facilitate the broad adoption of consistent data security measures on a global basis.
The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
The core of the PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organized. Companies complying with the PCI DSS standard must: Build and Maintain a Secure Network; Protect Cardholder Data; Maintain a Vulnerability Management Program; Implement Strong Access Control Measures; Regularly Monitor and Test Networks; and finally, Maintain an Information Security Policy. They must also adhere to the following requirements:
1: Install and maintain a firewall configuration to protect cardholder data
2: Do not use defaults for system passwords and other security parameters
3: Protect stored cardholder data
4: Encrypt transmission of cardholder data across open, public networks
5: Use and regularly update anti-virus software
6: Develop and maintain secure systems and applications
7: Restrict access to cardholder data by business need-to-know
8: Assign a unique ID to each person with computer access
9: Restrict physical access to cardholder data
10: Track and monitor all access to network resources and cardholder data
11: Regularly test security systems and processes
12: Maintain a policy that addresses information security
The Coin Free Servers, which process your BUMP or VUWI credit card transactions and store important customer credit card data, are fully PCI-DSS compliant.
PCI compliance and you — the retailer or Merchant
PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data. Said another way, if any customer of that organization ever pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply.
What are the penalties for noncompliance? The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine on downstream till it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can be catastrophic to a small business. It is important to be familiar with your merchant account agreement, which should outline your exposure.
For More Information on PCI compliance refer to http://www.pcicomplianceguide.org
|
