{"id":5218,"date":"2020-04-23T06:55:24","date_gmt":"2020-04-23T06:55:24","guid":{"rendered":"https:\/\/www.temok.com\/blog\/?p=5218"},"modified":"2024-02-12T09:53:31","modified_gmt":"2024-02-12T05:53:31","slug":"pci-compliant-hosting","status":"publish","type":"post","link":"https:\/\/www.temok.com\/blog\/pci-compliant-hosting\/","title":{"rendered":"PCI Compliant Hosting: PCI DSS and Online Payment Process"},"content":{"rendered":"<p>The Payment Card Industry Data Security Standard specifies the minimum security requirements for software vendors, merchants, and any other organizations that process or transmit credit card data. Whether you are directly dealing with payments or using a third-party payment processor, compliance is mandatory; otherwise you will be banned or pay monthly fines. 
To accept credit card payments, you need to use PCI compliant hosting and meet the other PCI requirements discussed in this article.<\/p>\r\n\r\n\r\n\r\n<p>You will also learn the complete process of making online payments with credit cards, the merchant PCI DSS levels, quality assurance techniques, and more.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_is_PCI_DSS\"><\/span><strong>What is PCI DSS?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\r\n\r\n\r\n\r\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-5236\" src=\"https:\/\/i0.wp.com\/www.blog.temok.com\/wp-content\/uploads\/2020\/04\/pci2-1.jpg?resize=750%2C500&#038;ssl=1\" alt=\"What is PCI DSS?\" width=\"750\" height=\"500\" srcset=\"https:\/\/i0.wp.com\/blog.temok.com\/wp-content\/uploads\/2020\/04\/pci2-1.jpg?w=750&amp;ssl=1 750w, https:\/\/i0.wp.com\/blog.temok.com\/wp-content\/uploads\/2020\/04\/pci2-1.jpg?resize=300%2C200&amp;ssl=1 300w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/figure>\r\n\r\n\r\n\r\n<p>PCI DSS, short for Payment Card Industry Data Security Standard, is a set of security standards formed by Visa, MasterCard, JCB International, Discover Financial Services, and American Express in 2004. 
These standards are governed by the Payment Card Industry Security Standards Council (<a href=\"https:\/\/www.pcisecuritystandards.org\/\" target=\"_blank\" rel=\"noopener\">PCI SSC<\/a>), a compliance scheme that aims to prevent data breaches and secure credit and debit card transactions.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Overview_of_PCI_Security_Standards\"><\/span><strong>Overview of PCI Security Standards<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\r\n\r\n\r\n\r\n<p>PCI security standards are a set of rules and guidelines for any organization that stores or processes cardholder data. The technical requirements are well-defined for three main sectors: software vendors\/developers, manufacturers, and acquirers (merchants or service providers). Issuers or service providers are the most vulnerable group when it comes to consumer data loss. It is also necessary to use PCI compliant hosting for websites that involve online payment processing.<\/p>\r\n\r\n\r\n\r\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-5237\" src=\"https:\/\/i0.wp.com\/www.blog.temok.com\/wp-content\/uploads\/2020\/04\/pci1-1.jpg?resize=750%2C500&#038;ssl=1\" alt=\"Overview of PCI Security Standards\" width=\"750\" height=\"500\" srcset=\"https:\/\/i0.wp.com\/blog.temok.com\/wp-content\/uploads\/2020\/04\/pci1-1.jpg?w=750&amp;ssl=1 750w, https:\/\/i0.wp.com\/blog.temok.com\/wp-content\/uploads\/2020\/04\/pci1-1.jpg?resize=300%2C200&amp;ssl=1 300w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/figure>\r\n\r\n\r\n\r\n<p>The three security standards are related, as the following sections show:<\/p>\r\n\r\n\r\n\r\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"a_PCI_Data_Security_Standard_PCI_DSS\"><\/span>a. 
<strong>PCI Data Security Standard (PCI DSS)<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\r\n\r\n\r\n\r\n<p>This is the core standard and applies to vendors and merchants. It defines the controls and methods that must be in place to protect cardholder data.<\/p>\r\n\r\n\r\n\r\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"b_Payment_Application_Data_Security_Standard_PA_DSS\"><\/span>b. <strong>Payment Application Data Security Standard (PA DSS)<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\r\n\r\n\r\n\r\n<p>This standard applies to software vendors, developers, or organizations that develop and sell software for processing payments. It ensures that only secure and approved payment processing is used in the software application.<\/p>\r\n\r\n\r\n\r\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"c_Personal_Identification_Number_PIN_Transaction_Security_Requirement_PTS\"><\/span>c. <strong>Personal Identification Number (PIN) Transaction Security Requirement (PTS)<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\r\n\r\n\r\n\r\n<p>This security standard is for manufacturers of the payment processing devices that businesses use at the POS (point of sale). Businesses should use devices that comply with PTS.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_are_the_Merchant_PCI_DSS_Levels\"><\/span><strong>What are the Merchant PCI DSS Levels?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\r\n\r\n\r\n\r\n<p>Keep in mind that the PCI guidelines apply to all parties involved in the payment process. Merchant PCI DSS compliance is divided into four levels, differentiated by annual transaction volume. 
The details may vary according to the credit card company, but you can get an overview of the basics.<\/p>\r\n\r\n\r\n\r\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-5233\" src=\"https:\/\/i0.wp.com\/www.blog.temok.com\/wp-content\/uploads\/2020\/04\/pci3-1.jpg?resize=750%2C500&#038;ssl=1\" alt=\"What are the Merchant PCI DSS Levels\" width=\"750\" height=\"500\" srcset=\"https:\/\/i0.wp.com\/blog.temok.com\/wp-content\/uploads\/2020\/04\/pci3-1.jpg?w=750&amp;ssl=1 750w, https:\/\/i0.wp.com\/blog.temok.com\/wp-content\/uploads\/2020\/04\/pci3-1.jpg?resize=300%2C200&amp;ssl=1 300w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/figure>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Level_1\"><\/span><strong>Level 1<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\r\n\r\n\r\n\r\n<p>This level is for merchants or vendors that process more than 6 million transactions per year and have experienced a cyber-attack that resulted in the compromise of cardholders\u2019 data. Because of the huge volume of their transactions per year, they need to carry out additional measures to safeguard their processing system. They should use PCI compliant hosting to maintain the required security. Every merchant at this level should complete an annual internal audit and conduct quarterly PCI scans to assess vulnerability. Don\u2019t forget to check the latest requirements before setting procedures.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Level_2\"><\/span><strong>Level 2<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\r\n\r\n\r\n\r\n<p>Merchants that process 1 to 6 million transactions per year are categorized at this level. 
They should complete an annual risk assessment using a Self-Assessment Questionnaire (SAQ) and conduct quarterly PCI scans to spot weak points.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Level_3\"><\/span><strong>Level 3<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\r\n\r\n\r\n\r\n<p>This category covers merchants that process 20,000 to 1 million transactions per year. They should complete an annual risk assessment using an SAQ and conduct quarterly PCI scans to fulfill the vulnerability requirements.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Level_4\"><\/span><strong>Level 4<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\r\n\r\n\r\n\r\n<p>This level is for merchants that process fewer than 20,000 e-commerce transactions per year and for those that process fewer than 1 million e-transactions per year. They should also complete an annual risk assessment using an SAQ and conduct quarterly PCI scans to keep their compliance up to date.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Every_Credit_Card_Transaction_is_Based_on_the_Following_Participants\"><\/span><strong>Every Credit Card Transaction is Based on the Following Participants<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Cardholder\"><\/span><strong>Cardholder<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\r\n\r\n\r\n\r\n<p>This is the person holding a credit card issued by a bank. A cardholder is either a \u201ctransactor\u201d, who repays the full credit balance, or a \u201crevolver\u201d, who repays only a portion of the balance while the rest accrues interest.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Merchant\"><\/span><strong>Merchant<\/strong><span 
class=\"ez-toc-section-end\"><\/span><\/h3>\r\n\r\n\r\n\r\n<p>This is the online store or vendor that sells products or services to a cardholder and accepts credit card payments. The merchant asks the issuing bank to pay the charges from the cardholder\u2019s account.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Acquiring_Bank\"><\/span><strong>Acquiring Bank<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\r\n\r\n\r\n\r\n<p>This is the bank responsible for receiving payment authorization requests from the merchant and forwarding them to the issuing bank through the proper channel. It then relays the issuing bank\u2019s response to the vendor or merchant.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Acquiring_Processor\"><\/span><strong>Acquiring Processor<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\r\n\r\n\r\n\r\n<p>This is a third-party entity that provides the device used to accept credit cards, sends the credit card payment details to the CCD (Credit Card Network), and returns the response to the acquiring bank.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Credit_Card_Network_CCD\"><\/span><strong>Credit Card Network (CCD)<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\r\n\r\n\r\n\r\n<p>CCDs operate the networks that process credit card payments all over the world and govern the interchange fees. CCDs like Visa and MasterCard receive the details of credit card payments from the acquiring processor and forward the authorization request to the issuing bank. 
The CCD is also responsible for sending the issuing bank\u2019s response back to the acquiring processor.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Issuing_Bank\"><\/span><strong>Issuing Bank<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\r\n\r\n\r\n\r\n<p>This is the bank or other financial institution that issued the credit card to the cardholder. This institution accepts or rejects any transaction request received from the CCD.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Credit_Card_Transaction_Process\"><\/span><strong>Credit Card Transaction Process<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\r\n\r\n\r\n\r\n<p>Credit card transactions are processed through a variety of platforms, including brick-and-mortar stores, e-commerce stores, wireless terminals, and phone or mobile devices. The entire cycle, from the time you slide your card through the card reader until a receipt is produced, takes place within two to three seconds. Using a brick-and-mortar store purchase as a model, we\u2019ve broken down the transaction process into three stages: Authorization, Authentication, and Clearing &amp; Settlement (the \u201cclearing\u201d and \u201csettlement\u201d stages take place simultaneously).<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Stage_1_Authorization\"><\/span><strong>Stage 1: Authorization<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\r\n\r\n\r\n\r\n<p>In this stage, the merchant or vendor needs approval for the payment from the credit card issuing bank.<\/p>\r\n\r\n\r\n\r\n<p>The cardholder gives the credit card to the vendor\/merchant at the point of sale (POS). The merchant swipes the card through the POS terminal, and all details of the payment are sent to the acquiring bank over the internet. The bank then forwards the details to the CCD (Credit Card Network).<\/p>\r\n\r\n\r\n\r\n<p>The CCD clears the payment and makes a payment authorization request that includes the following:<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Credit card number<\/li>\r\n<li>Expiry date<\/li>\r\n<li>Billing address<\/li>\r\n<li>Card security code<\/li>\r\n<li>Payment amount<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p>As you can see in the picture given below:<\/p>\r\n\r\n\r\n\r\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-5247\" src=\"https:\/\/i0.wp.com\/www.blog.temok.com\/wp-content\/uploads\/2020\/04\/pci4-2.jpg?resize=750%2C500&#038;ssl=1\" alt=\"Authorization\" width=\"750\" height=\"500\" srcset=\"https:\/\/i0.wp.com\/blog.temok.com\/wp-content\/uploads\/2020\/04\/pci4-2.jpg?w=750&amp;ssl=1 750w, https:\/\/i0.wp.com\/blog.temok.com\/wp-content\/uploads\/2020\/04\/pci4-2.jpg?resize=300%2C200&amp;ssl=1 300w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/figure>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Stage_2_Authentication\"><\/span><strong>Stage 2: Authentication<\/strong><span 
class=\"ez-toc-section-end\"><\/span><\/h3>\r\n\r\n\r\n\r\n<p>Authentication is necessary for any online transaction and is performed by checking the credit card\u2019s validity using fraud protection tools such as AVS (Address Verification Service), card security codes, and CID.<\/p>\r\n\r\n\r\n\r\n<p>The financial institution or issuing bank receives the payment authorization request from the CCD and validates the card number, checks the account balance, verifies the billing address, and validates the CVV number. The issuing bank approves or rejects the transaction and sends the response back to the vendor\/merchant through the same channels: the CCD and the acquiring bank.<\/p>\r\n\r\n\r\n\r\n<p>Once the merchant receives the authorization, the financial institution places a hold for the amount of the purchase on the cardholder\u2019s account. The POS terminal collects all approved authorizations in a \u201cbatch\u201d at the end of every business day. Once authentication is complete, the customer receives a receipt and the sale is complete, as the picture below shows.<\/p>\r\n\r\n\r\n\r\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-5249\" src=\"https:\/\/i0.wp.com\/www.blog.temok.com\/wp-content\/uploads\/2020\/04\/pci5-2.jpg?resize=750%2C500&#038;ssl=1\" alt=\"Authentication\" width=\"750\" height=\"500\" srcset=\"https:\/\/i0.wp.com\/blog.temok.com\/wp-content\/uploads\/2020\/04\/pci5-2.jpg?w=750&amp;ssl=1 750w, https:\/\/i0.wp.com\/blog.temok.com\/wp-content\/uploads\/2020\/04\/pci5-2.jpg?resize=300%2C200&amp;ssl=1 300w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/figure>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Stage_3_Clearing_Settlement\"><\/span><strong>Stage 3: Clearing &amp; Settlement<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\r\n\r\n\r\n\r\n<p>In this stage, the transaction is posted to 
both the merchant\u2019s statement and the cardholder\u2019s monthly billing statement simultaneously.<\/p>\r\n\r\n\r\n\r\n<p>At the end of every business day, the merchant sends all approved authorizations to the acquiring bank. The acquiring processor forwards all the information to the CCD for settlement. The CCD then forwards each approved transaction to the appropriate issuing bank. Usually, this process begins within 24 to 48 hours of the transaction, and the issuing bank transfers the funds, less an \u201cinterchange fee,\u201d which it shares with the CCD. The acquiring bank receives its respective percentage from the remaining funds.<\/p>\r\n\r\n\r\n\r\n<p>The acquiring bank transfers the amount for the purchases to the merchant\u2019s account, less a \u201cmerchant discount rate.\u201d The transaction information is then posted to the cardholder\u2019s account, and the cardholder pays the bill after a specified period. The complete process is shown in the picture below.<\/p>\r\n\r\n\r\n\r\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-5250\" src=\"https:\/\/i0.wp.com\/www.blog.temok.com\/wp-content\/uploads\/2020\/04\/pci6-2.jpg?resize=750%2C500&#038;ssl=1\" alt=\"Clearing &amp; Settlement\" width=\"750\" height=\"500\" srcset=\"https:\/\/i0.wp.com\/blog.temok.com\/wp-content\/uploads\/2020\/04\/pci6-2.jpg?w=750&amp;ssl=1 750w, https:\/\/i0.wp.com\/blog.temok.com\/wp-content\/uploads\/2020\/04\/pci6-2.jpg?resize=300%2C200&amp;ssl=1 300w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/figure>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_Can_You_Secure_Cardholders_Data\"><\/span><strong>How Can You Secure Cardholder\u2019s Data?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\r\n\r\n\r\n\r\n<p>PCI Security Standards guidelines suggest two methods for 
fixing any loopholes in the process to ensure the safety of cardholder data.<\/p>\r\n\r\n\r\n\r\n<p>The following are the main processes used to fix the loopholes:<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Technology\"><\/span><strong>Technology<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\r\n\r\n\r\n\r\n<p>Integrate software, hardware, third-party services, and PCI compliant hosting to form a secure application that protects the cardholder data.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Security\"><\/span><strong>Security<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\r\n\r\n\r\n\r\n<p>Security is a vital part of any online business, so use comprehensive methods and procedures to keep your system as free of vulnerabilities as possible.<\/p>\r\n\r\n\r\n\r\n<p>It is equally important for all organizations that deal with online payment transactions or hold confidential data to keep out malware and viruses and so prevent data breaches. Always use approved and trusted antivirus software, keep it active and up to date, and review the log files regularly.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Why_PCI_Compliant_Hosting\"><\/span><strong>Why PCI Compliant Hosting?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\r\n\r\n\r\n\r\n<p>Most online businesses need to fulfill the PCI compliance requirements but don\u2019t have the experience and skills to build PCI compliant systems from scratch. They need third-party PCI compliant hosting from a provider such as Temok, which has the professional team and infrastructure to achieve compliance without difficulty.<\/p>\r\n\r\n\r\n\r\n<p>Why am I pointing you to a PCI compliant hosting provider? Because they take care of your server and provide network security as well as physical security. 
They understand the requirements well enough to deliver a system that complies with PCI DSS. It is very hard for an organization to hire separate experts for each server and security task.<\/p>\r\n\r\n\r\n\r\n<p>Although PCI compliant hosting is mainly used for online stores or businesses that operate online payment processing systems, it is equally useful for other types of businesses that need to protect their confidential data.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"PCI_DSS_Requirements\"><\/span><strong>PCI DSS Requirements<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\r\n\r\n\r\n\r\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-5232\" src=\"https:\/\/i0.wp.com\/www.blog.temok.com\/wp-content\/uploads\/2020\/04\/pci7.jpg?resize=750%2C500&#038;ssl=1\" alt=\"PCI DSS Requirements\" width=\"750\" height=\"500\" srcset=\"https:\/\/i0.wp.com\/blog.temok.com\/wp-content\/uploads\/2020\/04\/pci7.jpg?w=750&amp;ssl=1 750w, https:\/\/i0.wp.com\/blog.temok.com\/wp-content\/uploads\/2020\/04\/pci7.jpg?resize=300%2C200&amp;ssl=1 300w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/figure>\r\n\r\n\r\n\r\n<p><strong>Maintain a Secure Network<\/strong><\/p>\r\n\r\n\r\n\r\n<ol class=\"wp-block-list\">\r\n<li>Install and maintain a firewall<\/li>\r\n<li>Change default passwords and increase their complexity<\/li>\r\n<\/ol>\r\n\r\n\r\n\r\n<p><strong>Protect cardholder data<\/strong><\/p>\r\n\r\n\r\n\r\n<ol class=\"wp-block-list\">\r\n<li>Protection of cardholder data must be your priority<\/li>\r\n<li>Always use encrypted communications over public networks<\/li>\r\n<\/ol>\r\n\r\n\r\n\r\n<p><strong>Vulnerability Management Processes<\/strong><\/p>\r\n\r\n\r\n\r\n<ol class=\"wp-block-list\">\r\n<li>Install anti-virus software and keep it updated regularly<\/li>\r\n<li>Develop 
secure systems and applications and maintain them properly<\/li>\r\n<\/ol>\r\n\r\n\r\n\r\n<p><strong>Strong Access Control<\/strong><\/p>\r\n\r\n\r\n\r\n<ol class=\"wp-block-list\">\r\n<li>Restrict access to cardholder data on a need-to-know basis<\/li>\r\n<li>Assign a unique ID to each user with computer access<\/li>\r\n<li>Physical access to cardholder data must be restricted<\/li>\r\n<\/ol>\r\n\r\n\r\n\r\n<p><strong>Monitor and Test Networks<\/strong><\/p>\r\n\r\n\r\n\r\n<ol class=\"wp-block-list\">\r\n<li>Keep track of all access to data and network resources<\/li>\r\n<li>Security systems should be updated and tested regularly<\/li>\r\n<\/ol>\r\n\r\n\r\n\r\n<p><strong>Information Security Policy<\/strong><\/p>\r\n\r\n\r\n\r\n<ol class=\"wp-block-list\">\r\n<li>Define a policy that addresses information security for employees and contractors<\/li>\r\n<\/ol>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Implement_a_Quality_Assurance_Process\"><\/span><strong>Implement a Quality Assurance Process<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\r\n\r\n\r\n\r\n<p>Any website must be tested for the required functionality to give users a good experience. But when it comes to online businesses that process payments, you can never ignore the security and regulatory requirements for receiving card payments for the services or products you provide. 
Card payments made online fall under PCI DSS; in summary, the major compliance requirements are:<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Build a secure network and use PCI compliant hosting<\/li>\r\n<li>Protect cardholder data in storage and in transit<\/li>\r\n<li>Protect systems against malware and keep software patched<\/li>\r\n<li>Enforce access control: need-to-know access, unique user IDs, and restricted physical access<\/li>\r\n<li>Regularly monitor and test your systems<\/li>\r\n<li>Maintain an information security policy<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p>The compliance scope shrinks when cardholder data never touches your own systems: a POS terminal that does not store card data, or a third-party payment processor that receives the card details directly, for example through a hosted payment page. Reduced scope is not zero responsibility, though. The merchant remains accountable for customer data, and the following areas of a payment-processing website still need attention:<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"1_PCI_Compliant_Hosting\"><\/span><strong>1. PCI Compliant Hosting<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\r\n\r\n\r\n\r\n<p>Every payment-processing website needs <a href=\"https:\/\/www.temok.com\/ssl\" target=\"_blank\" rel=\"noopener\">TLS certificates<\/a> (still widely sold as SSL certificates) and hosting that is demonstrably PCI compliant. Some organizations cut costs with shared web hosting, but on a shared host the cardholder data environment sits next to tenants you do not control, which makes isolation hard to demonstrate to an assessor; a financial institution or payment-processing website should use dedicated servers. Before choosing a provider, ask for its PCI DSS Attestation of Compliance and a written responsibility matrix stating which requirements the provider covers and which remain yours, and confirm that the server, shopping cart, and hosting plan you select fall within that coverage.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"2_Shopping_Cart\"><\/span><strong>2. Shopping Cart<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\r\n\r\n\r\n\r\n<p>You are not only protecting your customers\u2019 data but also your own business. 
Select reputable shopping cart software validated under the PCI Secure Software Standard, the successor to PA-DSS (the PCI SSC retired the PA-DSS program in 2022), and keep it patched. Validated software is built to handle cardholder data correctly, but it does not block attacks by itself; the hosting environment and the cart\u2019s configuration still have to be secured.\u00a0<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"3_Employees\"><\/span><strong>3. Employees<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\r\n\r\n\r\n\r\n<p>Train your staff in security awareness and give them written procedures so that they can help prevent data breaches; PCI DSS expects a formal awareness program for all personnel. Make sure the payment environment runs on a <a href=\"https:\/\/www.temok.com\/dedicated-servers-hongkong\" target=\"_blank\" rel=\"noopener\">dedicated server<\/a>, and keep an inventory of every device, wired or wireless, that connects to it. Keep the server patched, and keep antivirus and firewall protection installed and current.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span><strong>Conclusion<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\r\n\r\n\r\n\r\n<p>In short, every merchant or organization that accepts card payments must comply with PCI DSS. Building and maintaining a compliant hosting environment in-house is expensive, so buying it from a hosting provider is usually the better approach; just remember that the provider covers only the requirements it is responsible for, and the rest stay with you. For more details about PCI compliant hosting, contact us for a <a href=\"https:\/\/www.temok.com\/contact-us\" target=\"_blank\" rel=\"noopener\">free consultation<\/a>.<\/p>\r\n","protected":false},"excerpt":{"rendered":"<p><span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\"><\/span> <span class=\"rt-time\"> 9<\/span> <span class=\"rt-label rt-postfix\">min read<\/span><\/span>Payment Card Industry Data Security Standard specifies the minimum requirements of security for software vendors, merchants, or any organizations that process or transmit credit card data. 
Whether you are directly dealing with payments or using a third-party payment processor, compliance is mandatory otherwise you will be banned or pay monthly fines. To accept credit card [&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":5235,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"pmpro_default_level":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2],"tags":[526,497,525],"class_list":["post-5218","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-web-hosting","tag-credit-card-payment-process","tag-e-commerce-security-threats","tag-pci-compliant-hosting","pmpro-has-access"],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/blog.temok.com\/wp-content\/uploads\/2020\/04\/pci8.jpg?fit=750%2C500&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.temok.com\/blog\/wp-json\/wp\/v2\/posts\/5218","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.temok.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.temok.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.temok.com\/blog\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.temok.com\/blog\/wp-json\/wp\/v2\/comments?post=5218"}],"version-history":[{"count":13,"href":"https:\/\/www.temok.com\/blog\/wp-json\/wp\/v2\/posts\/5218\/revisions"}],"predecessor-version":[{"id":13612,"href":"https:\/\/www.temok.com\/blog\/wp-json\/wp\/v2\/posts\/5218\/revisions\/13612"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.temok.com\/blog\/wp-json\/wp\/v2\/media\/5235"}],"wp:attachment":[{"href":"https:\/
\/www.temok.com\/blog\/wp-json\/wp\/v2\/media?parent=5218"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.temok.com\/blog\/wp-json\/wp\/v2\/categories?post=5218"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.temok.com\/blog\/wp-json\/wp\/v2\/tags?post=5218"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}