Genesis VOS (Virtual Office/Store) Visa PABP and PA-DSS (CISP/PCI Compliance) Information
Genesis VOS is Visa Approved and PABP Certified. This also means we are certified to the PA-DSS specification with our VOS versions. If you choose a NON PABP approved shopping cart platform, you may be unable to obtain a merchant account! Why take the risk?
With Genesis VOS, you are choosing to use an elite E-Commerce shopping cart platform that has been certified through the Visa Payment Application Best Practice (PABP) assessment. The certification process confirmed, among other things, that our Cart is secure, does not retain full magnetic stripe data or CVV2 data.
This elite designation confirms that our Cart will not prevent our Clients, the e-commerce merchant, from reaching compliance with the Payment Card Industry (PCI) Data Security Standard. PCI is a set of very detailed standards relating to all merchants or service providers that store, process or transact credit card data.
This quote is direct from VISA:
Visa Announces New Payment Application Security Mandates, October 23, 2007 , Beginning January 1, 2008, Visa will implement a series of mandates to eliminate the use of non-secure payment applications from the Visa payment system. These mandates require acquirers to ensure their merchants and agents do not use payment applications known to retain prohibited data elements and require the use of payment applications that adhere to Visa's Payment Application Best Practices (PABP). PABP-compliant applications help merchants and agents mitigate compromises, prevent storage of prohibited data and support overall compliance with the Payment Card Industry Data Security Standard (PCI DSS) and the Visa U.S.A. Inc. Operating Regulations
VISA MANDATES, OCTOBER 23, 2007
"These mark the first strongly worded, firm deadlines promoted by Visa. Separately, the PCI Security Standards Council recently assumed ownership of the PABP from Visa, which further illustrates the importance of this initiative. Merchants (and developers providing ecommerce solutions for merchants) are either going to quickly adopt the PABP as a cost of doing business, or, they're going to have to start winding down their business. Good for Genesis Virtual Office/Store to be ahead of the competition." - Ryan McGowan, Security Account Manager, Coalfire Systems, Inc. (a certified PCI Consultancy & Assessor)
PABP REQUIRED FOR MERCHANT ACCOUNTS
Additionally, many merchant account providers will NOT EVEN ISSUE MERCHANT ACCOUNTS now if you are not using a PABP approved shopping cart system. With Genesis VOS, this PABP compliance is already done for you, so you have no need to worry.
If you are choosing an uncertified cart or want to use one of the "free" open source cart, beware, as you may be unable to even get a merchant account as of 2010 for Internet based card not present sales! "Free" doesn't sound like too good of a value, if your business is shutdown.
MERCHANT PCI REQUIREMENTS
PCI Compliance is no longer optional, or just a "nice to have" when running an online commercial commerce business. Merchant validation to the PCI standard is determined by the number of transactions processed. What's important to note it, regardless of transaction volume, is that all merchants must be in compliance with PCI. What differs, based on transaction volume, is the manner in which the merchant must attest to compliance. For more information regarding PCI compliance, merchant level definitions and associated attestation requirements, please note the below link:
To download the complete Payment Card Industry Data Security Standard, please note the below link:
Typically, PCI compliance is initially driven by the merchant's acquiring bank. As more of the large brick and mortar retail merchants, and high visibility e-commerce merchants attain compliance or make significant progress towards compliance, smaller and lesser known e-commerce merchants are beginning to get more attention. Today, these banks are broadening their communication to the smaller e-commerce merchants, to ensure they address their current gaps in compliance and work to resolve them. Currently, these banks are levying fines to merchants that do not get in to compliance by previously provided deadlines. Similarly, for merchants that are compromised, they are levying fines and penalties that can quickly exceed one millions dollars.
Genesis VOS, by virtue of our PABP certification, has partnered with longtime PCI assessor Security Metrics, to develop a program aimed to assist our clients in cost effectively attaining compliance. Security Metrics serves as a one-stop shop for PCI, offering a host of services which drive merchants to compliance. Security Metrics is an Approved Scan Vendor (ASV), authorized to provide the required quarterly network scans. The quarterly network scans are a cost effective way to ensure your payment card environment (PCE) is adequately protected. These quarterly scans are a requirement for all merchants. Additionally, Security Metrics provides cost-effect PCI compliance assessment and consulting services, intended to assist merchants with completing the PCI Annual Self Assessment questionnaire, a requirement for all Level 1-3 merchants and select Level 4 merchants.
SECURITY METRICS PCI COMPLIANCE PARTNER SERVICES
Note that even though we provide VISA PABP certification on our software platform, you (the merchant) must still perform and obtain your own PCI compliance, which also involves testing your hosting/server environment with Genesis together with our software.