Are You Providing the Right Level of Security?
Heartland ECSI can help. With Heartland Secure™, you can rest easy when we are managing your payment process.
To underscore our commitment to the security and compliance of payment processing, Heartland is Payment Card Industry (PCI) compliant and a member of the PCI Security Standards Council—a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. In addition to our affiliations, Heartland is also a PCI Level one (1) certified solution provider.
Heartland monitors the transaction volume for all merchants to identify the PCI DSS compliance level. For the Level 1 and Level 2 merchants who are required to complete the Report on Compliance (ROC), Heartland provides monitoring and reminders, applies for extensions as applicable and serves as the liaison between the merchant and the brands. For our small and medium business customers, we recommend that you download and enact what is required for you to be PCI compliant.
THE TOKENIZATION PROCESS
After processing a credit or debit card transaction, the data is sent to Heartland, which authorizes the transaction and returns a token. The token replaces sensitive card holder data with a surrogate value that cannot be mathematically reversed or “decrypted” to expose the card holder number. The token can then be stored in the POS/PMS system for use at a later time (e.g., folio billing at a hotel or recurring billing such as monthly insurance installments). Tokens can be generated in various formats, one of which is a format-preserving token (FPT) that matches the formatting characteristics of the card holder’s account number (e.g., a 15-digit token for AMEX, a 16-digit token for Visa, MC and Discover). The original account information that is associated with the token is stored in Heartland’s Data Vault where it is safe from would-be hackers.
END TO END ENCRYPTION
The authorization process—initiated when the card is read at a terminal or card number is key entered then passed through the merchant’s network to Heartland for authorization—is a crucial stage in the payment transaction process and one that can be protected through end-to-end encryption.
Unlike point-to-point encryption, end-to-end encryption is direct to Heartland so there are no additional points in the transaction where the data is decrypted before being passed to Heartland, minimizing the opportunities for compromise by hackers and criminals. Terminals and customer card entry devices with the end-to-end encryption label feature a tamper-resistant security module, so that the device can’t be converted into a skimming device. Unlike less secure solutions that solely rely on hardware or software encryption, end-to-end encryption provides protection in both hardware and software to ensure sensitive information is useless to would-be hackers.
NEVER PAY MORE TO BE SECURE. We believe so strongly in the ability of end-to-end encryption to protect card holder data that, as stated in Heartland’s end-to-end encryption warranty, we will reimburse you for any breach-related fines and forensic fees should transactions protected by end-to-end encryption be breached.
EMV AND THE FUTURE OF PAYMENTS
The EMV standard—which is being used throughout the world—serves as the backbone for future payment technologies, and, once adopted here in the U.S., will drive continued growth. Unlike traditional magstripe technology, which relies on a magnetic stripe that is swiped through a terminal, EMV technology uses a unique microprocessor chip inside each card. The card is inserted into a slot on a payment device that reads the chip data and generates a dynamic data element, making it virtually impossible to duplicate the transaction. Learn what you need to do to prepare your point-of-sale system (POS) for this technology by watching our EMV & Security Video.
EMV DATES YOU NEED TO KNOW
Effective Oct. 1, 2012, Visa expanded their Technology Innovation Program (TIP) to the U.S. and eliminated the requirement for eligible merchants (Level 1 and 2 merchants processing over 1 million Visa transactions annually) to annually validate their compliance with the PCI Data Security Standard for any year in which at least 75% of the merchant's Visa transactions originate from dual-interface chip-enabled terminals. MasterCard has also implemented a similar program for PCI audit relief.
By April 1, 2013, acquirers such as Heartland need to have their hosts certified with the card brands to accept transactions.
On Oct. 1, 2015, merchant liability goes into effect. If a merchant has not installed an EMV-certified terminal and accepts a card that turns out to be fraudulent, the merchant will be charged back the transaction.
MAKING THE DECISION TO IMPLEMENT EMV
The second step a retailer must take regardless of size is to decide whether or not to implement EMV payment acceptance. As per the card brands, it is not mandatory for a business accepting payments to implement EMV. Becoming your own subject matter expert is your best insurance for a successful migration to EMV payments acceptance. Since the liability shift begins for merchants in October 2015, a retailer must consider the chargeback losses that can be attributed to card fraud and estimate what those levels of card fraud will be after the liability shift begins. Other markets, such as Canada and the UK, have seen a reduction in card fraud at EMV-payment accepting merchants and fraud growth in those that do not accept EMV, as well as in card-not-present environments.
Another consideration is student/payer perception. What will my students/payers think of our institution for not accepting chip cards if major retailers such as Walmart®, as well as other local small to mid-sized merchants accept chip cards? Concern for security has been stated in several mobile payment studies as to why a percentage of consumers do not use their mobile phone for financial transactions. Although we see that number declining, it does show that consumers are aware of the risks and will most likely respect businesses that are like-minded.
Other factors to consider include the cost for upgrading, updating or replacing your acceptance infrastructure for EMV. Heartland ECSI can help with that information.
(c) 2013 Heartland Payment Systems, Inc. (NYSE:HPY)
Heartland Payment Systems Inc. is a registered ISO/MSP of Wells Fargo Bank, N.A., Walnut Creek, CA, and The Bankcorp Bank, Philadelphia, PA.