Connect with us

Business

PCI Compliance – What every card-accepting merchant should know

Published

on

Rob-Crutchington

By Rob Crutchington – Director of Encoded

Rob-CrutchingtonIt is fair to say that most card-accepting merchants understand the importance of protecting customer data from fraud and cybercrime. However, it might be news to many that in the event of a security breach they will be the ones fined. The buck stops with the merchant. Costs and expenses can quickly add up with payment network fines and assessments, forensic fees associated with a compliance audit of the merchant’s business environment and legal fees. Not to mention the damage to reputation and lost sales.

A recent report* based on a survey of 2,035 online consumers stated that nearly half (45%) of respondents saw contact centres in particular as the biggest security risk and the starting point for fraud. Findings also showed that many millions of consumers have been stopped from making purchases over the telephone when interacting with a call centre.

But surely the Payment Card Industry Data Security Standard (PCI DSS) takes care of all of this? When Visa®, MasterCard®, JBC®, Discover® and American Express® created a standard made up of 12 requirements designed to secure business systems that store, process or transmit card holder data it was meant to protect consumers and merchants against security breaches. However, what many organisations with call centres do not appreciate is that because PCI DSS covers the entire trading environment, all third-party partners and vendors that handle card data must also comply before full PCI compliance is achieved.

Visa Europe Merchant Agents List
So which third-party partners and vendors are fully PCI DSS compliant? Payment schemes are building lists of registered Third Party Vendors that can demonstrate adequate levels of data security and acceptable business practices. For example VISA has its Visa Europe Merchant Agents List http://www.visamerchantagentslist.com/ and merchant services organisations such as Elavon are insisting that only organisations which appear on this list are used by customers. This means any company involved in accepting transactions, interactive voice response (IVR) payments, internet payment gateways and any other service or product that is directly or indirectly involved in data transactions must register and appear on the list. Contact-centres typically use multiple vendors for their technology so it is becoming increasingly important for management to understand just who does what in the process and who needs to be PCI compliant to avoid fines and lawsuits in the event of the unthinkable happening and customer card data being stolen.

Not all PCI third-parties are created equal
The Visa Europe Merchant Agents list has two levels of organisations that provide services to merchants. These two levels have very different validation procedures. To achieve the top level of compliance, Level 1, an Attestation of Compliance (AOC) is needed and this level only applies to organisations that store, process and/or transmit more than 300,000 Visa transactions per year.

To achieve Level 1 status an Attestation of Compliance must be completed by an independent Qualified Security Assessor (QSA) along with a Report on Compliance. QSAs cost money and have very exacting standards. The high cost of going through full PCI DSS accreditation with an external QSA is leading to some vendors claiming to be compliant when in fact they have not been through the whole process and therefore do not have Level 1 status. This is putting merchants at risk.

For Level 2 registration organisations do not require an onsite security assessment by a QSA and are able to submit an annual self-assessment questionnaire including the Attestation of Compliance without reference to a QSA. Level 2 applies to smaller providers involved with less than 300,000 Visa transactions annually.

As Matthew Tyler, CEO of Blackfoot explained, “Payment schemes such as Visa and merchant service providers like Elavon are getting tough on organisations taking card payments. Many merchants don’t even realise they will be ones fined in the event of a data breach as they believe their bank or 3rd party supplier will be accountable. Some acquirers are even threatening to terminate Merchant Service Agreements if merchants fail to work with third-parties that appear on the Visa list. Organisations with call centres are seen as particularly vulnerable and should do everything in their power to work with only Level 1 vendors such as Encoded who have gone through extensive measures and inspections to achieve PCI DSS compliance.”

As recent research shows card security is important to consumers and they are becoming increasingly aware of both the technology and standards around payments. For call centres to build trust and confidence only the best technology from third-parties with Level 1 Visa clearance is good enough for customers. It can take years to rebuild a reputation after high profile data breaches such as those at Sony, Lush and the parent company of TK Maxx but it only takes a few minutes to check whether the vendor you are working with appears on the Visa Europe Merchant Agents list, has achieved full PCI DSS compliance and Level 1 status.

*Sabio and Avaya commissioned Davies Hickman Partners, an independent research consultancy, to complete a nationally representative survey (excluding NI) of 2,035 online consumers in January 2013.

 

 

 

Business

Exclusive: China’s Huawei, reeling from U.S. sanctions, plans foray into EVs – sources

Published

on

Exclusive: China's Huawei, reeling from U.S. sanctions, plans foray into EVs - sources 1

By Julie Zhu and Yilei Sun

HONG KONG/BEIJING (Reuters) – China’s Huawei plans to make electric vehicles under its own brand and could launch some models this year, four sources said, as the world’s largest telecommunications equipment maker, battered by U.S. sanctions, explores a strategic shift.

Huawei Technologies Co Ltd is in talks with state-owned Changan Automobile and other automakers to use their car plants to make its electric vehicles (EVs), according to two of the people familiar with the matter.

Huawei is also in discussions with Beijing-backed BAIC Group’s BluePark New Energy Technology to manufacture its EVs, said one of the two and a separate person with direct knowledge of the matter.

The plan heralds a potentially major shift in direction for Huawei after nearly two-years of U.S. sanctions that have cut its access to key supply chains, forcing it to sell a part of its smartphone business to keep the brand alive.

Huawei was placed on a trade blacklist by the Trump administration over national security concerns. Many industry executives see little chance that blocks on the sale of billions of dollars of U.S. technology and chips to the Chinese company, which has denied wrongdoing, will be reversed by his successor.

A Huawei spokesman denied the company plans to design EVs or produce Huawei branded vehicles.

“Huawei is not a car manufacturer. However through ICT (information and communications technology), we aim to be a digital car-oriented and new-added components provider, enabling car OEMs (original equipment manufacturers) to build better vehicles.”

Huawei has started internally designing the EVs and approaching suppliers at home, with the aim of officially launching the project as early as this year, three of the sources said.

Richard Yu, head of Huawei’s consumer business group who led the company to become one of the world’s largest smartphone makers, will shift his focus to EVs, said one source. The EVs will target a mass-market segment, another source said.

All the sources declined to be named as the discussions are private.

Chongqing-based Changan, which is making cars with Ford Motor Co, declined to comment. BAIC BluePark did not respond to repeated requests for comment.

Shares of Changan’s main listed company Chongqing Changan Automobile rose 8% after Reuters reported the discussions. BluePark’s shares jumped by their maximum 10% daily limit.

GROWING EV MARKET

Chinese technology firms have been stepping up their focus on EVs in the world’s biggest market for such vehicles, as Beijing heavily promotes greener vehicles as a means of reducing chronic air pollution.

Sales of new energy vehicles (NEVs), including pure battery electric vehicles as well as plug-in hybrid and hydrogen fuel cell vehicles, are expected to make up 20% of China’s overall annual auto sales by 2025.

Industry forecasts put China’s NEV sales at 1.8 million units this year, up from about 1.3 million in 2020.

Huawei’s ambitious plans to make its own cars will see it join a raft of Asian tech companies that have made similar announcements in recent months, including Baidu Inc and Foxconn.

“The novel and complicated U.S. restrictions on semiconductors to Huawei have slowly been strangling the company,” said Dan Wang, a technology analyst with research firm Gavekal Dragonomics.

“So it makes sense that the company is pivoting to less chip-intensive industries in order to maintain operations.”

In the United States, Amazon.com Inc and Alphabet Inc are also developing auto-related technology or investing in smart-car startups.

Huawei has been developing a swathe of technologies for EVs for years including in-car software systems, sensors for automobiles and 5G communications hardware.

The company has also formed partnerships with automakers such as Daimler AG, General Motors Co and SAIC Motor to jointly develop smart auto technologies.

It has accelerated hiring of engineers for auto-related technologies since 2018.

Huawei was awarded at least four patents related to EVs this week, including methods for charging between electric vehicles and for checking battery health, according to official Chinese patent records.

Huawei’s push into the EV market is currently separate from a joint smart vehicle company it co-founded along with Changan and EV battery maker CATL in November, two of the sources said.

(Reporting by Julie Zhu in Hong Kong and Yilei Sun in Beijing; additional reporting by David Kirton in Shenzhen; Editing by Sumeet Chatterjee and Richard Pullin)

Continue Reading

Business

Facebook switches news back on in Australia, signs content deals

Published

on

Facebook switches news back on in Australia, signs content deals 2

By Renju Jose and Jonathan Barrett

SYDNEY (Reuters) – Facebook Inc ended a one-week blackout of Australian news on its popular social media site on Friday and announced preliminary commercial agreements with three small local publishers.

The moves reflected easing tensions between the U.S. company and the Australian government, a day after the country’s parliament passed a law forcing it and Alphabet Inc’s Google to pay local media companies for using content on their platforms.

The new law makes Australia the first nation where a government arbitrator can set the price Facebook and Google pay domestic media to show their content if private negotiations fail. Canada and other countries have shown interest in replicating Australia’s reforms.

“Global tech giants, they are changing the world but we can’t let them run the world,” Australian Prime Minister Scott Morrison said on Friday, adding that Big Tech must be accountable to sovereign governments.

Facebook, whose 8-day ban on Australian media captured global attention, said it had signed partnership agreements with Schwartz Media, Solstice Media and Private Media. The trio own a mix of publications, including weekly newspapers, online magazines and specialist periodicals.

Facebook did not disclose the financial details of the agreements, which will become effective within 60 days if a full deal is signed.

“These agreements will bring a new slate of premium journalism, including some previously paywalled content, to Facebook,” the social media company said in a statement.

The non-binding agreements allay some fears that small Australian publishers would be left out of revenue-sharing deals with Facebook and Google.

“It’s never been more important than it is now to have a plurality of voices in the Australian press,” said Schwartz Media Chief Executive Rebecca Costello.

Facebook on Tuesday struck a similar agreement with Seven West Media, which owns a free-to-air television network and the main metropolitian newspaper in the city of Perth.

The Australian Broadcasting Corp has said it was also in talks with Facebook.

Google Australia managing director Mel Silva said in a statement published on Friday the company had found a “constructive path to support journalism”.

She thanked Australian users of the search engine for “bearing with us while we’ve sent you messages about this issue”.

Facebook and Google threatened for months to pull core services from Australia if the media laws, which some industry players claim are more about propping up ailing local media, took effect.

While Google struck deals with several publishers including News Corp as the legislation made its way through parliament, Facebook took the more drastic step of blocking all news content in Australia.

That stance led to amendments to the laws, including giving the government the power to exempt Facebook or Google from mandatory arbitration, and Facebook on Friday began restoring the Australian news sites.

(Reporting by Renju Jose and Jonathan Barrett; Editing by Richard Pullin and Jane Wardell)

 

Continue Reading

Business

China’s factory activity growth likely moderated during February holiday lull – Reuters poll

Published

on

China's factory activity growth likely moderated during February holiday lull - Reuters poll 3

BEIJING (Reuters) – China’s factory activity likely grew at a slightly slower rate in February as factories closed for the Lunar New Year holiday, a Reuters poll showed, although growth is expected to remain firm, buoyed by an early resumption of production.

The official manufacturing Purchasing Manager’s Index (PMI) is expected to dip marginally to 51.1 in February from 51.3 in January, according to the median forecast of 20 economists polled by Reuters. A reading above 50 indicates an expansion in activity on a monthly basis.

Chinese factories typically scale back operations or close for lengthy periods around the Lunar New Year holiday, which fell in the middle of February this year.

However, the resurgence of COVID-19 cases in the winter had prompted local governments and companies to dissuade workers from travelling back to their hometowns, giving a boost to the earlier-than-usual resumption of production at many factories, analysts say.

“Although government COVID-19 prevention measures may constrain some manufacturing activities in the near-term, the fact that a majority of migrant workers stayed in their workplace cities for the holiday should facilitate an earlier resumption of business activity following the holiday this year,” said analysts at Nomura in a note to client on Thursday.

Wang Zhishen, a migrant worker from Gansu, told Reuters that his factory, a manufacturer of logistics boxes in the manufacturing hub of Dongguan, only closed for three days during the holiday, thanks to overwhelming businesses. Lured by the 1,500-yuan cash subsidy his factory offered, he chose to work through the holiday.

The Chinese economy has largely shaken off the gloom from the COVID-19 health crisis, with consumers opening up their wallets after months of hesitation. Growth is now set to rebound sharply this quarter, also helped by the low base effect of a year ago.

The country has successfully curbed the domestic transmission of the COVID-19 virus in northern China, with the national health authority reporting zero new local cases for the 11th straight day. Cities that were on lockdown have since vowed to push for a work resumption at full speed.

The official PMI, which largely focuses on big and state-owned firms, and its sister survey on the services sector, will both be released on Sunday.

The private Caixin manufacturing PMI will be published on Monday. Analysts expect the headline reading will dip slightly to 51.4 from 51.5 in January.

(Reporting by Stella Qiu and Ryan Woo; Editing by Sam Holmes)

Continue Reading
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Call For Entries

Global Banking and Finance Review Awards Nominations 2021
2021 Awards now open. Click Here to Nominate

Latest Articles

Newsletters with Secrets & Analysis. Subscribe Now