NCR Corporation, a global leader in consumer transaction technologies, today announced that its payment security solution, NCR Connected Payments, has achieved PCI-DSS 3.0 certification, nearly one year ahead of the required deadline for North America. The PCI-DSS 2.0 specification is set to expire at the end of 2015. NCR completed its 3.0 certification early based on demand from its retail customers in order to ensure the latest specifications and best-in-class security standards are incorporated into the solution. NCR Connected Payments currently protects more than 17,000 stores and more than $120 billion in transactions annually.
The Payment Card Industry Data Security Standard (PCI-DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI-DSS provides a baseline of technical and operational requirements designed to protect cardholder data. By complying with PCI-DSS 3.0 early, NCR is helping ease its merchant customers compliance initiatives while maintaining best-in-class payment security.
“NCR is committed to always making sure we are on the leading edge of security initiatives by keeping our payments system compliant and future ready,” said Jimmy Frangis, Vice President and General Manager, Payments-Security & Cloud Services, NCR Retail. “As retailers continue to battle fraud, NCR will support them with easy to deploy, cloud-based payment solutions that natively comply with industry regulation, and prepare them for the future of payments.”
NCR Connected Payments reduces the payment data footprint in the store, reducing the exposure of retailers to payment data theft. To mitigate payment card theft and fraud risks, NCR Connected Payments enhances data and transmission protection from PIN pad to payment processor. The NCR SaaS solution employs point-to-point encryption (P2PE) and tokenization, and provides advanced security monitoring and vulnerability management that meets or exceeds what is required for PCI compliance. This affords retailers more precise, constant visibility into the health of their complete payment system.
The new PCI standard provides increased details and requirements around cardholder data flows, system components inventory, protection from tampering or substitution for POS terminals, and service provider management and responsibility.