Members of the payment card industry – including Interac Association, MasterCard Canada Inc., Visa Canada, and virtually every major Canadian bank – announced Tuesday positive preliminary results for the industry-wide chip and PIN trial in Southern Ontario.
The new verification technology, which is being rolled out in Kitchener-Waterloo by banks like TD Canada Trust and Royal Bank of Canada, will equip all credit cards with a chip and PIN number. When a customer wishes to pay for goods they can place the card into a “PIN pad” terminal and verify payment by entering the PIN. This will replace the traditional need for signature verification and would also require customers to hang on to their cards at all times – as opposed to today’s practice in certain environments such as restaurants, where their cards are often swiped out of sight.
“From a liability shift perspective, if a chip-enabled card is used at a chip-enabled terminal, the issuer will still be responsible for the fraud,” Black (Tracey Black, program director at the Kitchener-Waterloo Industry Chip Trial) said, “But if the chip-enabled card is used at a terminal that has not been upgraded for chip, then the fraud becomes the responsibility of that merchant. As long as the merchant upgrades to chip, they have no liability for any transactions that occur at a point-of-sale terminal with chip-enabled PIN cards.”
Go to ITworldcanada.com to read the full text of this article.
Positouch v. 5.29 and above (Visa Validated!)
SMS v. 3.1
StoreNext ISS45 v 7 – 7110-070
StoreNext ISS45 v8 – 8101-050
Retalix Fuel 1012, 1014, 1016, 1017 (Visa Validated!)
StorePoint POS 7001.2300 (Visa Validated!)
StorePoint POS 7002.1500 (Visa Validated!)
PCI compatible Payment processing middleware versions:
Tender Retail Merchant Connect Multi v. 3.3.1.14 and above
(interfaced with POSitouch, SMS, PennyLane, ISS45)
Mercury Payments
(interfaced with Penny Lane)
The top 3 variables influencing a coffee purchase are:
1. Brand (40%)
2. Quality (30%)
3. Price (25%)
According to Stats Canada:
The foodservice industry accounts for more than 60% of the total coffee & tea sales in a $1.3 billion Canadian coffee & tea market.
AM/PM Service Ltd. will provide the SMS Point of Sale system with Fuel Pump control and NCR and IBM hardware components. Scholten’s will also be using SMS Head Office and IP based integrated Debit and Credit.
Rollout has begun, with complete installation of all stores expected in 2008.
Calgary Co-op awarded the Gold Winner in the 2007 Calgary Herald Readers’ Choice Awards for Best Grocery Store (7th year!), Best Deli, Best Car Wash and Best Liquor Store, and secondary winners in the categories of Bakery, Drug Store, Wine Store and Travel Agency!
1. Limit the number of people who can access the system remotely. Only allow and provide remote access to those who have a strong business need. This typically includes the POS system vendor/reseller for remote service. Owners, management and administrators of the merchant location may also require remote access.
2. Do not share remote access credentials. Ensure that each user with remote access has unique credentials.
3. Disable remote access user accounts when no longer needed. Keep track of all the users to be sure that remote access is still necessary.
4. Utilize two-factor authentication whenever possible. Using two factors as opposed to one delivers a higher level of authentication assurance.
5. Never leave remote access software on and “listening” for incoming connections. It is always best to select a remote access package that requires a user at the merchant site to start or log on to initiate a remote access session.
To find more resources and information about Payment Card Industry Data Security Standards on Mercury’s web site, click here.
Copyright - Mercury Payments Systems
The Mercury Messenger January 2008
http://www.mercurypay.com/go/messenger0108/remote_access.html
Effective January 1, 2008, the rate of the GST and the federal component of the HST will be reduced from 6% to 5%. The provincial component of the HST will remain at 8%. This means that the rate of HST will be reduced from 14% to 13%. Please note that the HST applies only to purchases made in or imported into New Brunswick, Nova Scotia, and Newfoundland and Labrador (the participating provinces) and the GST applies to supplies made in the rest of Canada.
For most purchases, the rate of tax will be determined by the date the GST/HST becomes payable or is paid. If GST/HST became payable or was paid in 2007, the old GST rate of 6%, or HST rate of 14%, applies. Otherwise, the reduced GST rate of 5%, or HST rate of 13%, applies if the tax became payable on or after January 1, 2008, or was paid on or after January 1, 2008 without having become payable before that day.
As stores prepare for the holiday rush, shoppers are bracing for the headaches and hassles of long lines, crowded aisles and harried store associates. The solution, according to a recent survey, includes the convenience of self-service. The majority of U.S. consumers, 64 percent, believe the holiday shopping experience would be faster and less frustrating if more retail stores offered self-service to shorten wait times. …
When asked to identify the self-service options that could help alleviate holiday shopping frustrations, product locator kiosks topped the list at 68 percent. Not far behind was self-service return of gifts or purchases (66 percent), followed by self-service gift card kiosks (63 percent), Internet purchasing (59 percent) and self-service checkout (57 percent). …
Gift cards top holiday shopping lists
Gift cards are popular during the holiday season, providing flexibility to both the gift giver and receiver. Last year, according to a survey conducted by BIGresearch for the National Retail Federation, gift card expenditures in 2006 reached over $24 billion. In fact, two-thirds of consumers will purchase at least one gift card during the holiday season. Of those purchasers, consumers on average will buy more than seven gift cards per year. ..
© 2001-2007 CRM Today - All Rights Reserved.
Payment Card Industry (“PCI”) is a term which collectively defines the debit, credit, pre-paid, e-purse, ATM, POS, and overall payment industry.
PCI Data Security Standard (“DSS”) is a common set of security standards developed in June of 2005 by the four major credit card companies – Discover, American Express, Visa, and MasterCard – to protect cardholder information, reduce debit and credit card fraud, and identify security breaches. Prior to this, each card brand managed its own set of requirements, such as the MasterCard Site Data Protection (SDP) Program and the Visa Cardholder Information Security Program (CISP).
PCI is not a law. The PCI Security Standards Council does not manage compliance programs and does not impose any consequences for non-compliance.
PCI DSS is enforceable by the credit card companies through contractual penalties or sanctions that include revocation of the right to accept or process credit cards. Failure to comply will result in hefty fines, investigation costs, reimbursement, being barred from processing credit card transactions and/or higher processing fees.
PCI Applicability:
Any company that stores, processes, or transmits credit card transactions must be able to demonstrate that it is PCI DSS compliant. Organizations that must comply include merchants, merchant acquirers, payment processors, payment gateways and hosting service solution providers.
PCI DSS requirements are applicable if a Primary Account Number is stored, processed, or transmitted. If a Primary Account Number is not stored, processed or transmitted, PCI DSS requirements do not apply.
The level of compliance varies with the merchant transaction volume. The annual volume of credit card transactions that is stored, processed, or transmitted, as well as the point-of-sale location (e-commerce versus a physical store location), determines the actions needed to validate compliance with the PCI DSS.
Merchants that use a third party for cardholder transaction processing and do not store transaction data on systems are not subject to the audit requirements.
Integrated credit/debit systems are increasingly being targeted, with attacks aimed at log files and centralized databases. SQL injection is the most common attack method, together with remote VNC or PCAnywhere access.
PCI DSS is comprised of 12 core requirements (aka the “Digital Dozen”):
Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect cardholder data.
2. Do not use vendor-supplied defaults for system passwords and security p.
Protect Cardholder Data
3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data across open, public networks.
Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software.
6. Develop and maintain secure systems and applications.
Implement Strong Access Control Measures
7. Restrict access to cardholder data by business need-to-know.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data.
Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.
Maintain an Information Security Policy
12. Maintain a policy that addresses information security.
For more information on PCI DSS compliance, visit https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf
NOTICE - This information does not constitute legal advice and AM/PM does not represent itself as an expert in PCI matters. For an expert opinion, please consult an approved PCI advisor.
LIMITATION OF LIABILITY
UNDER NO CIRCUMSTANCES IS AM/PM LIABLE TO CUSTOMER FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES. DAMAGES INCLUDING BUT NOT LIMITED TO DAMAGES FOR PAYMENT TRANSACTIONS ERRORS OR OMISSIONS (ARISING FROM DEBIT, CREDIT, GIFT CARD, PCI, INTERAC, CREDIT CARD COMPANY, CARDHOLDER COMPLIANCE ISSUES, AND OR PAYMENT DEVICE(S)).
Love it or hate it, it’s here to stay. Not only is it increasing its penetration in grocery, it’s expanding beyond that traditional base to make headway in big box specialty (Fujitsu recently announced a deployment at Canadian Tire). Precursors to SCO are even finding their way into department stores with price checkers mounted throughout the stores and some major department store retailers reorganizing themselves with consolidated checkout stations closer to store entrances.
…..
The rationale for these independents for investing in SCO is that many of their customers are already trained on using self-checkout, and so are coming to expect that SCO is part of the shopping experience – at least for groceries. To these retailers, SCO is a customer service play required to keep up with larger chain competitors. They view it as a customer service benefit, increasing the amount of choice a consumer has over how they go about buying their groceries. Both of the panelists said that they did not reduce labor when they implemented SCO, but reinvested labor dollars that SCO freed up into keeping more full service lanes open during high volume hours. Both also mentioned that the benefits came primarily from increasing the checkout capacity in the front of the store without taking away selling square feet.
The panelists shared their experience, emphasizing some lessons learned the hard way:
Provide all of the same services at SCO that consumers are used to getting at full service registers. Reasor’s had not enabled cash back from debit transactions at SCO at the very beginning, thinking that SCO customers would not be heavy users of the option. They quickly realized this was not the case. Consumers expect all of the same services at SCO as at any other register.
Pay close attention to spacing and placement. Both panelists emphasized this. There needs to be enough space within the “pod” of self-checkout stations so that carts can maneuver – not less than seven feet and more like eight. Also, environmental factors can play a role: Reasor’s, with their locations in “tornado alley” found that high winds impacted the function of the scales. For independent retailers, placement and spacing is particularly important because of the expense of installation. Reasor’s didn’t discover the issue with wind until after several stores had been installed – no small percentage of their total chain. While they could correct it in future installations, it’s a hard hit to have to go back in and fix the earlier installs.
Take the time to educate your customers and employees. The panelists noted that it’s important to educate consumers – to use signage and lane lights to make sure that consumers understand that SCO is an option for them, and to help them understand that SCO is not a replacement for standard express lanes – that there will be no reduction in service options available to them at checkout. Employee buy-in is also important. Redner’s encountered employee resistance to SCO because employees thought that the implementation was targeting labor budget. Redner’s had to make sure employees understood that labor budget was not being cut – that SCO was being implemented to boost customer service and overall checkout capacity.
…
Self-checkout is increasingly a fact of life, but even through this year still has a reputation of a “new” technology. Independent grocers face the stiffest competition, the least amount of capital available for investment in technology solutions, and the least amount of risk tolerance for experimenting and testing new concepts. When these retailers speak of SCO not in terms of ROI, but in terms of staying competitive, it’s clear SCO has passed the tipping point.
Copyright © 2007 RSR Research LLC.
Full text article located at http://www.retailsystemsresearch.com/_document/summary/349