The Need to Secure Payments Grows with Technology Improvements
The need for PCI compliant payment solutions should be a priority for any vendor, retailer or organization that takes card payments. From the largest corporate retailers to the local eatery down the street, every merchant that accepts credit card payments, online or in store, is required under its agreement with its acquiring bank to comply with the PCI Data Security Standard (PCI DSS).
The PCI DSS is a set of technical and operational requirements maintained by the PCI Security Standards Council (PCI SSC), the body founded by the major card brands. It governs how cardholder data (the primary account number, cardholder name and expiration date) and sensitive authentication data (such as the CVV, which may never be stored after authorization) are transmitted, stored and handled. The standard applies to any merchant or service provider that accepts, processes, stores or transmits payment card data, and companion PCI SSC standards cover the manufacturers and developers of the devices and applications used in those transactions.
How your business proves PCI compliance will depend on how many transactions you process each year, and whether you’re a merchant or service provider.
Merchant Levels
- Level 1: More than 6 million transactions per year; validated by an annual on-site assessment and Report on Compliance (ROC) by a Qualified Security Assessor (QSA), plus quarterly external vulnerability scans by an Approved Scanning Vendor (ASV) and penetration testing at least annually
- Level 2: 1 to 6 million transactions per year; validated by an annual Self-Assessment Questionnaire (SAQ), plus quarterly ASV scans and penetration testing at least annually where the applicable SAQ requires it
- Level 3: 20,000 to 1 million e-commerce transactions per year; validated by an annual SAQ, plus quarterly ASV scans and penetration testing at least annually where the applicable SAQ requires it
- Level 4: Fewer than 20,000 e-commerce transactions per year (or up to 1 million total transactions); validated as your acquirer directs, typically an annual SAQ plus quarterly ASV scans
Exact thresholds and validation requirements are set by each card brand and enforced by your acquiring bank, so confirm your level with your acquirer.
Service Provider Levels
- Level 1: More than 300,000 transactions per year; validated by an annual on-site assessment and Report on Compliance by a Qualified Security Assessor, plus quarterly external vulnerability scans by an Approved Scanning Vendor and penetration testing at least annually
- Level 2: Fewer than 300,000 transactions per year; validated by an annual Self-Assessment Questionnaire (SAQ D for Service Providers), plus quarterly Approved Scanning Vendor scans and penetration testing at least annually
Annual on-site assessments are more involved and costly than self-assessments. As a general rule, the more cardholder data you store, process or transmit, the more work you will have to do to secure it. By deploying a validated point-to-point encryption solution, and keeping card data out of your own systems altogether, you can shrink the set of PCI DSS requirements that apply to you and the scope of your assessment.
The Gold Standard in PCI Compliant Payment Solutions
Point-to-point encryption (P2PE) and tokenization have emerged as two payment security controls that keep card data secure and limit how much of it is ever exposed to the merchant. Let's define each and look at how adopting them can relieve some of the pressure on merchants in particular.
P2PE
P2PE encrypts payment card data inside the point-of-interaction (POI) device, for example the reader you insert your EMV chip card into at the register, and keeps it encrypted until it reaches the solution provider's secure decryption endpoint. There it is decrypted and processed for authorization, and only the result (approved or declined) is returned to the merchant. Encryption converts the card data into an unintelligible form, and the keys that can reverse it exist only inside the POI device and the decryption environment. Anyone who intercepts the data in between, including the merchant's own point-of-sale systems and network, has no means to recover the card number.
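As an added illustration (example code written for this article, not code from PCI SSC, from any P2PE solution provider or from TRG), the Go program below models the three parties in that flow: the POI device that encrypts, the merchant environment that can only relay opaque bytes, and the decryption endpoint that alone holds a key. It uses AES-GCM under a static per-device key as a stand-in for the approved key-management schemes real validated solutions use (commonly DUKPT, with a unique key per transaction); the type and function names are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Illustrative names only, not identifiers from the PCI P2PE standard or any
// vendor SDK. POIDevice models the tamper-resistant terminal; its key was
// injected at the solution provider's facility and the merchant never holds it.
type POIDevice struct {
	Serial string
	key    []byte // 256-bit AES key, lives only inside the device
}

// Envelope is what actually crosses the merchant's POS, LAN and Internet link.
type Envelope struct {
	DeviceSerial string
	AmountCents  int64  // not cardholder data; in the clear for routing and receipts
	Nonce        []byte
	Ciphertext   []byte // "PAN|expiry", sealed with AES-GCM
}

// DecryptionEnvironment is the provider's secure endpoint, the only key holder.
type DecryptionEnvironment struct {
	keysBySerial map[string][]byte
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// ProvisionDevice mints a fresh key, files it under the device serial at the
// endpoint, and returns the terminal carrying its copy of that key.
func (de *DecryptionEnvironment) ProvisionDevice(serial string) (*POIDevice, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	if de.keysBySerial == nil {
		de.keysBySerial = map[string][]byte{}
	}
	de.keysBySerial[serial] = key
	return &POIDevice{Serial: serial, key: key}, nil
}

// Capture runs inside the POI: chip or stripe data is encrypted before it leaves
// the device. The serial is bound in as associated data to prevent replay under another identity.
func (d *POIDevice) Capture(pan, expiry string, amountCents int64) (Envelope, error) {
	gcm, err := newGCM(d.key)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	ct := gcm.Seal(nil, nonce, []byte(pan+"|"+expiry), []byte(d.Serial))
	return Envelope{DeviceSerial: d.Serial, AmountCents: amountCents, Nonce: nonce, Ciphertext: ct}, nil
}

// MerchantView is all a POS, network tap or compromised register can observe: metadata and opaque bytes.
func MerchantView(env Envelope) string {
	return fmt.Sprintf("device=%s amount=%d nonce=%s ct=%s", env.DeviceSerial,
		env.AmountCents, hex.EncodeToString(env.Nonce), hex.EncodeToString(env.Ciphertext))
}

// Decrypt recovers "PAN|expiry" at the endpoint; an unknown device or any tampering yields an error, not data.
func (de *DecryptionEnvironment) Decrypt(env Envelope) (string, error) {
	key, ok := de.keysBySerial[env.DeviceSerial]
	if !ok {
		return "", fmt.Errorf("no key for device %s", env.DeviceSerial)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, []byte(env.DeviceSerial))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

func main() {
	var endpoint DecryptionEnvironment
	terminal, _ := endpoint.ProvisionDevice("POI-0001")
	// Constructed input: a well-known test PAN, not a real account.
	env, _ := terminal.Capture("4111111111111111", "1228", 1999)
	fmt.Println("merchant sees:", MerchantView(env))
	fmt.Println(endpoint.Decrypt(env))
}
```

Running it prints the envelope as the merchant sees it (device serial, amount, nonce and ciphertext as hex, with no card number anywhere) and then the recovered plaintext from the endpoint. Flipping a single ciphertext byte, or presenting the envelope under a different device serial, makes Decrypt return an error rather than data, which is the property that lets the merchant's POS and network drop out of scope.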
PCI-approved P2PE solutions have been independently assessed against the PCI Point-to-Point Encryption Solution Requirements and Testing Procedures (the P2PE Standard). An approved solution includes not just the point-to-point encryption, but also validated hardware, software and solution provider environment and processes. Validation is done by a PCI-qualified P2PE assessor.
The PCI SSC also publishes lists of approved P2PE Applications and Components. These may be used as parts of a validated P2PE Solution. If your business is using only a P2PE Application or a P2PE Component listed by the PCI SSC, that does not mean you are using a validated P2PE Solution.
Tokenization
Tokenization replaces the primary account number (PAN) with a surrogate value, the token, that has no exploitable meaning or value outside the tokenization system. The mapping from token back to PAN is held only by the token service provider, typically your payment processor or gateway, in a hardened token vault. Because the token is useless to an attacker on its own, the merchant can keep it on file to provision customer accounts, set up scheduled or recurring payments and let customers manage their payment settings, without storing or handling the cardholder data itself.
In the common gateway model, the merchant is issued two API credentials. A publishable (client-side) key lets the customer's browser or mobile app send card details directly to the gateway and receive a token in return, so the card number never passes through the merchant's servers. A secret (server-side) key lets the merchant's back end charge a stored token for a single or recurring payment. This keeps stored cardholder data with the provider and cuts the number of times the actual card number is transmitted over the Internet.
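As an added example (written for this article, not the code or API of any real gateway or of TRG), the Go program below models that two-key arrangement: a vault that mints random tokens for callers holding the publishable key, charges them only for callers holding the secret key, and never returns the PAN. It goes slightly beyond the text by validating the card number with a Luhn check before tokenizing and by comparing API keys in constant time; all names and the demo keys are this example's own.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// Illustrative names, not any real gateway's API. Vault is the token service
// provider's side: it alone holds the token-to-PAN map and issues the merchant's keys.
type Vault struct {
	publishableKey string // shipped to the browser or app; may only create tokens
	secretKey      string // stays on the merchant's server; may only spend tokens
	byToken        map[string]cardRecord
}

type cardRecord struct{ pan, expiry string }

// Token is all the merchant ever stores; Last4 is for receipts and account pages.
type Token struct {
	Value string
	Last4 string
}

func NewVault(publishableKey, secretKey string) *Vault {
	return &Vault{publishableKey: publishableKey, secretKey: secretKey, byToken: map[string]cardRecord{}}
}

// luhnValid catches mistyped card numbers before anything is stored.
func luhnValid(pan string) bool {
	sum, double := 0, false
	for i := len(pan) - 1; i >= 0; i-- {
		if pan[i] < '0' || pan[i] > '9' {
			return false
		}
		d := int(pan[i] - '0')
		if double {
			d = d*2 - 9*(d/5) // digit sum of 2*d
		}
		sum += d
		double = !double
	}
	return len(pan) >= 13 && len(pan) <= 19 && sum%10 == 0
}

func keyMatches(got, want string) bool {
	return subtle.ConstantTimeCompare([]byte(got), []byte(want)) == 1
}

// Tokenize is called from the customer's browser or app with the publishable key,
// so the card number travels straight to the vault and never touches the merchant's
// server. The token is a random lookup handle, not a hash of the PAN, which could be brute-forced.
func (v *Vault) Tokenize(publishableKey, pan, expiry string) (Token, error) {
	if !keyMatches(publishableKey, v.publishableKey) {
		return Token{}, errors.New("invalid publishable key")
	}
	if !luhnValid(pan) {
		return Token{}, errors.New("invalid card number")
	}
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return Token{}, err
	}
	tok := Token{Value: "tok_" + hex.EncodeToString(raw), Last4: pan[len(pan)-4:]}
	v.byToken[tok.Value] = cardRecord{pan: pan, expiry: expiry}
	return tok, nil
}

// Charge is called from the merchant's server with the secret key. The vault
// resolves the token internally; the full PAN is used only on this side of the
// boundary and is never handed back to the merchant.
func (v *Vault) Charge(secretKey, tokenValue string, amountCents int64) (string, error) {
	if !keyMatches(secretKey, v.secretKey) {
		return "", errors.New("invalid secret key")
	}
	rec, ok := v.byToken[tokenValue]
	if !ok {
		return "", errors.New("unknown token")
	}
	// Stand-in for the authorization hop to the acquirer and issuer, which would
	// carry rec.pan and rec.expiry over the provider's own secured connection.
	ref := make([]byte, 8)
	if _, err := rand.Read(ref); err != nil {
		return "", err
	}
	return fmt.Sprintf("auth_%s card=****%s amount=%d", hex.EncodeToString(ref), rec.pan[len(rec.pan)-4:], amountCents), nil
}

func main() {
	vault := NewVault("pk_test_demo", "sk_test_demo") // constructed demo keys
	// Browser side: the customer's card (a well-known test PAN) goes only to the vault.
	tok, err := vault.Tokenize("pk_test_demo", "4111111111111111", "1228")
	fmt.Println(tok, err)
	// Merchant server side: only the token is stored and later charged.
	fmt.Println(vault.Charge("sk_test_demo", tok.Value, 1999))
	fmt.Println(vault.Charge("pk_test_demo", tok.Value, 1999)) // leaked publishable key cannot spend
}
```

Two properties are worth checking in your own gateway integration: tokenizing the same card twice yields unrelated tokens (so the token cannot be reversed by guessing card numbers), and the publishable key embedded in your web page can create tokens but is rejected when used to charge one, so its exposure does not let an attacker spend stored cards.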
Tokenization is gaining in popularity. Digital wallets and QR-code payments are two visible examples of the technology in action. Tokens can also be provisioned on a variety of devices: your smartphone, a smart watch or even your car can hold a token that pays one specific vendor or several.
Why Should I Use PCI Compliant Payment Solutions?
Using a PCI SSC-listed P2PE solution, installed and operated according to the solution's P2PE Instruction Manual (PIM) and confirmed by your QSA or acquirer, offers several benefits:
- Lowers the risk of payment card data loss: Data is encrypted at the POI and cannot be decrypted in your environment
- Reduces the extent of your PCI DSS assessment scope: Because account data is never in the clear in your environment, connected point-of-sale systems, your network and other devices sharing that network can be treated as out of scope, and eligible merchants can validate with the much shorter SAQ P2PE. The POI devices themselves stay in scope: you still have to inventory them, inspect them for tampering and substitution, and follow the PIM
- Simplifies PCI DSS compliance: Fewer applicable PCI DSS requirements, simplified compliance assessment, and a potential reduction in the cost of maintaining compliance.
Consequences of Forgoing PCI Compliant Payment Solutions
For many retailers, the effort to keep deploying PCI compliant payment solutions is hampered by budget constraints, constantly evolving payment technology and, over the last two years, the worldwide pandemic. Merchants are asked to process card payments in more ways, in store and online, and must still secure that data and meet PCI requirements. Many have to do all of that with less funding because of the economic downturn the COVID-19 pandemic forced on everyone.
But failing to meet PCI compliance also comes with steep costs. For example, one major U.S. retailer exposed the payment data of 70 million customers.
What Happens If I Fail to Comply?
In the event of a data breach, the damage done due to a non-compliant payment system can be significant.
- Fines: After a breach, the card brands can assess fines on a non-compliant merchant, passed through by your acquiring bank, and regulators may add penalties under applicable data-protection and breach-notification laws
- Suspension of card acceptance: After a data breach, your acquiring bank or the card brands can revoke your ability to accept card payments
- Mandatory forensic examination: You may be required to undergo an expensive and time-consuming investigation by an approved PCI Forensic Investigator (PFI)
- Liability for fraud losses: You may be held liable for the fraudulent charges that follow the theft of your customers' card data, and face lawsuits from those customers
- Card replacement costs: The cost of reissuing cards (including shipping, communication and activation) may be passed on to you by the card issuers
- Notification and credit monitoring: You may be required to inform all affected customers of the breach and provide them with credit monitoring services
- Reassessment for PCI compliance: Finally, you may need to undergo a complete PCI DSS reassessment to regain the ability to accept cards
TRG Delivers Payment Security Solutions
At TRG, we’re committed to ‘Making Technology Simple’ — specifically within enterprise mobility, point of sale and payment processing solutions. TRG’s payment security is powered by MRK Technologies, a sister company of TRG under the TruWest Companies umbrella. MRK Technologies brings decades of experience, and the people, process and procedure to deliver unparalleled results.
Our combined portfolio of experience and expertise provides us with the credentials to implement the PCI compliant payment solutions you need:
TRG also works as an extension of your team to provide a suite of solutions to monitor, advise, alert and respond to information security threats 24/7/365. With TRG, you don’t just get recommendations and security product suggestions — you get direct access to the collective expertise and experience of our seasoned information security professionals.
With the industry’s most comprehensive suite of lifecycle management services, we offer other services like our Unified Endpoint Management (UEM) Support to help you fully optimize your enterprise mobility program across a broad range of devices and operating systems. Our Onsite Services are tailored to each customer’s requirements and are backed by our expert technicians.
Connect with TRG to learn more about implementing PCI compliant payment solutions to protect cardholder data and efficiently address your compliance assessments.