Data Security - Retail

CounterPoint V7 and CounterPoint SQL have been validated against the Payment Card Industry (PCI) Payment Application Data Security Standard (PA DSS).  CPGateway and CPOnline have been validated against the PCI Data Security Standard (PCI DSS) for Service Providers.

As PA DSS-Validated Payment Applications, CounterPoint V7 and CounterPoint SQL adhere to all PA DSS guidelines. In addition, both versions of CounterPoint include numerous features that enable merchants to implement a PCI DSS-compliant system.

CounterPoint's security features include:

• Password security settings support PCI DSS-compliant password policies.
• All passwords and credit card numbers are encrypted.
• Full credit card numbers are not displayed or printed; all card numbers are masked to display only the first 6 and the last 4 digits.
• Magnetic stripe track data is not retained in the CounterPoint database.
• CVV2/CVC2/CID data (i.e., verification numbers printed on each card) is not retained.
• Retention of full credit card numbers in history is optional; full card numbers retained in history are encrypted.

Keeping Your Software Compliant
PCI requirements will continue to change. To meet current and future PCI requirements, you must keep your CounterPoint software up to date.

CounterPoint Subscription Service (CSS) will keep your CounterPoint system compliant with these ever-changing requirements. With CSS, you automatically receive new CounterPoint features and enhancements as they are added to the software.

Your Responsibilities
As a merchant who accepts credit cards, you are responsible for adequately securing your customers' cardholder information wherever it resides-on your computers, in a drawer, or in a filing cabinet. If you fail to do so, the card companies and your bank-under the terms of your Merchant Processing Agreement-can hold you accountable for fines and for any losses they suffer from the fraudulent use of cardholder data obtained from your business.

CounterPoint software is only one part of your PCI-compliance obligations. The PCI DSS requires that you evaluate your business policies and incorporate security into your business practices. The documentation included with CounterPoint provides specific steps and recommendations for you to enable PCI compliance. More detailed guidelines describing the 12 basic system requirements are outlined in the PCI DSS located at www.pcisecuritystandards.org.  PCI DSS requirements include, among other things, using current anti-virus software, issuing passwords to your employees, not retaining card magstripe data and using a firewall if your system is connected to the Internet.

PCI compliance is a very serious matter. Non-compliance can cost you money, time, and reputation. If your systems are not PCI-compliant, your business is at extreme financial risk. Contact your CounterPoint Business Partner for more information.