IBM Systems Magazine, Power Systems - May 2018 - 8
PROTECTING Consumers' Plastic
Tokenized encryption can help merchants tackle security challenges with payment
handling on IBM i
s threats to data security proliferate, the actions taken by the governing bodies
are evolving. The governing authority for credit card data is the Payment Card
Industry (PCI) Security Standards Council (SSC), which was built by the card
brands: Visa, MC, Discover, American Express and JCB. The PCI provides the best
practices security standards for all businesses touching credit card data.
is the CTO
Having written the
software for the
AS/400 in 1993,
he has dedicated
himself to the
If your business accept cards,
you signed a merchant agreement to create an account with
a bank or acquirer who works
with you to get you paid. Your
acquirer is exclusively responsible for your compliance with
the PCI security mandates (bit.
bestowed upon them by the
credit card brands.
8 // MAY 2018 ibmsystemsmag.com
New Standards Improve
As of Jan. 31, 2017, all merchants that accept credit cards,
regardless of size, are now
required to submit the appropriate PCI Self-Assessment Questionnaire (SAQ) to their bank or
Big merchants have always
been required to submit an SAQ
to prove their compliance with
the 12 tenets of PCI DSS-now
everyone must do so. That said,
I'm willing to bet a plug nickel
that your acquirer has yet to
demand that you submit a formal SAQ.
Most of the merchants I work
with report that they haven't
been requested to comply.
How can that be? Your bank or