The Upcoming Changes to PCI-DSS and Timeline for v4.0

The PCI Data Security Standard (PCI-DSS) is a global standard that provides a baseline of technical and operational requirements designed to protect account data and information.

Recently, the PCI Security Standards Council (PCI-SSC) announced changes coming to the Data Security Standard. The announcement includes vital information that every ISV, VAR, and business accepting credit cards should be aware of in order to remain compliant and avoid compliance fees.

The beginning stages of v4.0 started in 2017 with changes to v3.2.1. These changes were adopted in the latest version of PCI-DSS and initiated in Q1 of 2020 during the global pandemic. The switch from v3.2.1 to v4.0 happened in a time of uncertainty. With the completion of v4.0, supporting documents (linked below), programs, and updates to training material were completed and rolled out in Q4 of last year (2021). 

The development of PCI-DSS v4.0 was driven by industry feedback and furthers the protection of payment data with new controls and flexibility for the merchant. As the payment card industry evolves, so do the technology and the attacks against it. Version 4.0 allows the PCI-SSC to stay ahead of the curve and create avenues to help businesses upgrade from v3.2.1.

The 4 Main Changes for PCI-DSS v4.0

1. Increased requirements for Yearly Diligence for Merchants and Service Providers

      • Every 12 months and upon a significant change, businesses must document and confirm the PCI DSS.
      • For any merchant that uses the customized approach (info found here), a targeted risk analysis must be performed and approved by senior management.
      • An annual review of hardware and software must be completed, with a plan to remediate outdated technologies.

2. New Customized Approach (info found here)

      • This customized approach still retains the requirement to evaluate risk, but it allows for a more strategic pathway for businesses with robust security processes and strong risk management practices 

3. Expanded Risk Analysis Guidance

      • PCI DSS 4.0 has also provided expanded guidance on conducting risk analysis. Risk analysis has always been a part of PCI DSS, significantly used as part of the compensating control worksheet. In this new version, there is a Sample Targeted Risk Analysis Template (PCI DSS Appendix E2). The template provides more information on how the PCI-SSC expects a risk analysis to be carried out. 

4. Clarifications to “Significant Change” Standard 

      • PCI DSS v4.0 also clarifies some of the key concepts of PCI-DSS, especially what constitutes a “significant change”. While the description is more complex in v4.0 than it has been in the past, older versions did not specifically define the term. V4.0 offers clarity and examples of “significant changes” and processes to stay compliant during changes.

Projected PCI v4.0 Implementation Timeline

PCI DSS v3.2.1 will remain active for two years after v4.0 is published. However, it is never too early for ISVs, VARs, and merchants to become familiar with the latest version and build a plan for implementing changes as needed.

PCI DSS v4.0 provides clarity on common issues related to PCI DSS and offers significant levels of flexibility for the merchant who has their own security standards in place. As changes are announced, BOLD will continue to update this article with the latest information provided by the PCI-SSC.

Sources:
https://blog.pcisecuritystandards.org/countdown-to-pci-dss-v4.0
https://listings.pcisecuritystandards.org/documents/PCI-DSS-Summary-of-Changes-v3_2_1-to-v4_0.pdf
https://www.mwe.com/insights/pci-dss-4-0-introduces-transformational-change/

Four Ways Small Businesses are Finding Additional Revenue Sources During an Economic Shutdown

The world has changed, and so has the restaurant and retail industry.

Through no fault of their own, companies are scrambling to find ways to keep their business afloat. Many restaurants have had to completely shift their business model, relying on ingenuity to generate revenue when patrons are forced to stay and shelter.

BOLD is keeping a close eye on the events unfolding and the effects on our industry. This includes constant communication with our partners in hopes to share merchant success stories outlined below. While a few of these solutions may seem reactive given the current situation, it is important to consider the long term benefits these will have as consumer buying habits will shift when things get back to normal.

1- ONLINE ORDERING AND CONTACTLESS PICKUP

For restaurants, online ordering has been the lifeline for keeping their doors open during this pandemic. For those who had an online ordering “ecosystem” in place along with a healthy social media presence to promote their service, the transfer was a little easier. Others have had to scramble to fill the demand. Thankfully, many online ordering solution providers have stepped up to offer risk free periods for merchants. Some have even gone completely POS agnostic.

eTab– A stand alone online ordering solution that can be quickly activated and implemented into BOLD’s merchant accounts.

Retailcloud– From now until July 2020, merchants can activate their online store for free. After 90 days merchants have the choice to keep the site, upgrade for more products, and add additional features.

Restaurants are also promoting “Contactless Pickup”. Consumers are looking for as little human interaction as possible. When an order is placed by phone or online, many businesses are capturing a description of the car used to pick up the order. The food is then walked to the car and placed on the hood without the customer ever having to get out of the vehicle.

2- CASH DISCOUNTING

COVID-19 has forced many merchants to cut costs and monthly recurring fees. Depending on the merchant, “Cash Discounting” helps merchants eliminate monthly service fees and save hundreds to thousands of dollars a month in processing fees.

BOLD’s Cash Discounting Program eliminates merchant processing fees for businesses by passing the fees onto the customer as a “non-cash adjustment”. It is treated as a discount given to ALL customers who pay with cash, not as a surcharge added to a credit card transaction. Simply put, ALL goods and services are priced with the “Non-Cash Adjustment” and the discount is applied at the point-of-sale for cash purchases.

It is also important to note that due to the situation that we are in, merchants are running many non-qualified (manually keyed) transactions resulting in higher interchange fees. Merchants taking advantage of the Cash Discount Program benefit by avoiding these additional fees.

3- SIMPLIFIED AND FAMILY-STYLE MENUS

Restaurants are running skeleton crews. Many have limited their meal selections to family-style meals in order to streamline the kitchen and limit the food preparation and serving time. Other restaurants, like Tony Baloney’s mentioned below, are finding creative ways to stay afloat by selling kits of their menu items so families can pick up and prepare at home.

Examples of Some Restaurants Shifting to Family-Style Meals

1. A statewide limit on groups is never good for a catering company, so Quinn’s Catering in McDonough, GA found a way to stay active by offering curbside pickup for family meals.

2. Tony Baloney’s in New Jersey changed their online ordering selection to include DIY Pizza Kits that can be picked up.

4- PROTEINS AND ALCOHOL TO GO

The food shortages at grocery stores have given restaurants an opportunity for another short-term revenue source. With proteins hard to come by in the grocery aisles, restaurants are finding some success by offering curbside pickup on proteins and, depending on their city, alcohol.

Examples of How Selling by Bulk is Helping Restaurants

1. Recently, Texas Governor Greg Abbott directed the Texas Department of State Health Services to issue guidance allowing restaurants to sell bulk retail products from restaurant supply chain distributors directly to consumers.

2. Farmers & Fishermen Purveyors, a protein distributor in Atlanta, is now providing home delivery directly to consumers. Prices are similar to what restaurants were paying.

3. In many cities, such as Las Vegas, local governments are adjusting regulations by temporarily allowing restaurants to serve alcohol along with curbside pickup in order to discourage congregation and allow a revenue source for restaurants. 

No one could have expected the country to be in the position we are in. With the Federal Government extending social distancing guidelines until April 30, 2020, it is imperative for restaurants to find solutions to weather this storm.

If you have or need ideas on how you can help your merchants, please call the BOLD Response Team Hotline at (877) 515-1003.

Bay Area POS Finds a Home with BOLD

SUMMARY

Founded in 2005 as an IT company offering technical solutions to local companies, Bay Area POS (BAPOS) transitioned to a POS company in 2009 and continued to expand their offerings to meet the evolving needs of their 500+ clients. BAPOS ultimately found a niche in offering POS solutions to restaurants. This shift and narrowed focus put them on track to become one of the fastest growing SoftTouch POS dealers in the nation.

THEIR SOLUTION

Critical to their success, BAPOS recognized and took advantage of a growing trend among restaurants regarding how they purchase point-of-sale systems. Restaurateurs want lower up-front cost and a modular system that can be customized to fit their unique needs.

“Ultimately, we chose SoftTouch POS as our main solution because it is a robust restaurant POS that is hard to beat” says Shane Jones, owner of Bay Area POS. “It offers a licensing structure that allows the merchant to buy it now or pay a monthly subscription that covers software updates and 24/7 support.”

Finding a customizable solution like SoftTouch POS was crucial in BAPOS’ success. Some of SoftTouch’s features include:

Dine In
Takeout/Express Menu
Table or Quick Service
Delivery
Caller ID
Drive Thru
Fast Bar Interface

Online Ordering
Mobile/Enterprise Reporting
Semi-integrated EMV Solutions
Pay-at-the-Table
Real-time Dashboard Reporting
Cash Discounting Integration
PCI-DSS Out-of-Scope

BAY AREA POS FINDS A HOME WITH BOLD

In addition, BAPOS recognized the benefits of offering merchant services as part of their solution and the resulting impact doing so has on their revenue stream. The difficulty lies in finding the right processor with the right support at the right revenue split.

“When we compared our residual splits with BOLD versus other processors we have used, BOLD’s payout was the closest to matching their Schedule A than the others.” says Shane. “Typically, other processors produce about a 50% or less split after fees. BOLD gives us the majority split of the revenue that is true to their Schedule A.”

But what is a lion’s share split without reporting to back it up?

Shane went on to mention “the [residual] reporting is also the best I have seen. You can see residuals at the transaction level.”

After reviewing our payout with BOLD, it is our assessment that BOLD pays about 15-20% better than the other processors.— SHANE JONES

Another area BOLD separates themselves from the competition is their partner and merchant support. BOLD takes a personal approach when supporting their partners and it shows.

“They always handle the problem same day and have the skills to adapt and supply temporary solutions or workarounds on the fly to offer continuity” says Shane. “No down time. They know the devices well.”

FUTURE PLANS

What does BAPOS plan for the future?

“Our main focus this year is cash discounting” says Shane. “We have great relationships with our clients, and providing a solution that can save them $50,000 a year in merchant processing fees is a no-brainer”.

BAPOS will expand their sub-agent channel with a focus on SoftTouch POS and merchant processing via their partnership with BOLD. The plan for agents is a full assistance approach with a process that allows the agent to become acclimated with SoftTouch POS while earning residuals – all without forcing contracts or quotas on the agent.

Interested in becoming a Bay Area POS reseller? Email info@bayareapointofsale.com to find out more.

The Digital Marketing Cycle- From Lead to Customer

Digital marketing has evolved and will continue to change for the foreseeable future. In its infant stages, a business could see a good bit of traction from Search Engine Optimization (SEO) alone. Fast forward to recent times, and many companies have had to find creative ways to drive “clicks” to their site in order to win the “Google Game”.

Many businesses have found great success by providing informative content meant to drive clicks to their site. Their hope is to attract readers looking for information about their industry and not necessarily their company. What many companies miss when doing this is the benefits of integrating all of their digital services so the lead can stay informed from conception to close.

THE LEAD

When a company receives a lead, this is when the integration between Customer Relation Management (CRM) software and Email Engine (Mailchimp, Constant Contact, etc) should start. The status of that lead/contact should always be in sync between the CRM and Email Engine throughout the sales cycle. This allows the reader to receive information relevant to them.

Drip marketing campaigns should start as soon as the lead willing to receive information is entered into your CRM. A drip marketing campaign is a series of emails that are scheduled and can be sent based on actions of the reader (opens, clicks, etc). For leads, emails should be useful information about your/their industry with a sprinkle of information about your company. You can quickly see your unsubscribes go up if the lead continuously feels “sold” to.

There are a few benefits to these emails. The benefit we are covering in this piece is “clicks”. Clicks to your site from external sources (social media, email campaigns, etc) are huge when it comes to Google looking for relevant websites. As users visit your blog, Google identifies the traffic. An active page containing a subject will be ranked higher as prospects search for that subject stored on your blog/site. Combined with pay-per-click (social media post boost and Google Ads), your blog can find a good amount of traffic.

THE OPPORTUNITY

Once the lead expresses interest and a demo/quote has been presented, a conversion in your CRM should update the status in your Email Engine. This starts an entirely new drip marketing campaign. These emails are slightly more forward about your company and should include a call-to-action. It is also helpful to make these emails more personable. For example, it is a good idea to write a few emails directly to the prospect from your personal address on topics they might be interested in (i.e.- “Hey [first name], We just had a new blog post hit today that I thought you might find useful.”)

THE CLOSE

Congratulations! Looks like your hard work paid off. Now it is time to include your new customer in more useful information. A customer no longer needs to be “sold” on your service. A customer is now looking to be nurtured with information on the product/service they purchased. This is when an online knowledge base can be useful for your company. Emails can direct your customers to your site (again, still driving “clicks”) with training or commonly asked questions about your products and service.

The digital marketing process can be a long one. In fact, it is common for it to take 4-6 months before you feel any impact from it. The important thing is to stick with it. When done correctly, the benefits can snowball…quickly.

Tips on Informing Your Merchants About Additional Services Your Company Offers

Topics

  • The Power of an online Blog

  • Benefits of a client facing knowledge base

  • Using drip marketing to stay consistent

  • Use Priority I.S. as a resource

You have an amazing company, and you’ve worked hard to include value added services that can help your merchants grow. The final, and probably the most difficult, step is informing your customers and capitalizing on their interest.

Outside of using your company’s time and resources to physically call on each of your merchants, there are cost-effective tools available that can help your communication. Below are some ideas on getting started and the steps you can take to maintain a strong online presence with your customers while attracting new prospects.

TOOLS TO CONSIDER

Below are some great tools to make your site more interactive for your clients. Another HUGE benefit is the traction your site can receive ultimately driving up your search engine ranking.

Online Blog

Tap into your knowledge. No one knows your business like you, so share it. Willingness to share this information builds credibility with your prospects and clients and drives traffic to your website. It is important to remember that the typical reader of your blog may not be a potential client. What you do earn are clicks, and that can go a long way on search engines.

Another great tip is to use your resources. Ask your employees for topics or even write-ups. This can make a huge impact by building credibility throughout your team and displaying the versatility of your office.

Online Knowledge Base

A knowledge base can not only be informative to your current clients, it can also drive new traffic to your site. When prospects search for solutions that fit the topic of your post, search engines look for indexed pages that fit that search based on activity and age of the page. When one works in conjunction with a blog and email engine, the click rate and page ranking can increase drastically. Below are some benefits one would consider when deciding to implement an online knowledge base:

  • Decrease your support load by directing your clients to an online resource.

  • Use the knowledge base to inform your clients about new features and offerings.

  • Clicks to your knowledge base can mean more traction for your site, elevating you in the “Google Game”. Now, when prospects search for a topic in your knowledge base, you are closer to the top of the list.

Email/Drip Marketing

Drip marketing can be a great way to stay in front of current and future clients. Emails can be automated and sent based on the user's interaction with your emails. When your systems are working together, it can be a great resource to deliver the information hosted on your blog and knowledge base. Depending on the Customer Relationship Management (CRM) and email client you use, drip marketing can be set on autopilot by simply checking a box in your CRM.

KEYS TO REMEMBER

  • Stay consistent. A typical marketing strategy can take 90-120 days to drive results when done correctly. Once it takes off, you will witness a snowball effect.

  • If needed, use outside resources to help you with your content strategy and creation.

  • Priority I.S. has a marketing department available for our partners to help them get started. Email us at marketing@priorityis.com to go over your goals and develop a game plan.
