PCI-DSS compliance
MacPOS is now integrated with Mercury Payment Systems E2E PCI-DSS compliant credit card payment processing system.
Mercury Payment Systems
E2E: End-to-End Encryption secures card data the instant a card is swiped
E2E secures card data by encrypting it at the instant a card is swiped or manually keyed, and keeps it encrypted throughout the transaction. End-to-end encryption reduces the number of systems handling sensitive card data. When encrypting card readers are combined with support from a payment gateway or payment processor, sensitive cardholder data – and the PCI requirements to protect it – are eliminated from the point-of-sale (POS) system.
Today’s POS Systems
Today’s POS systems handle sensitive card data in plain text when it is initially entered. Modern malicious software is designed to steal credit card data by intercepting it as it is passed from peripherals, such as magnetic card readers and keyboards. Malware will even steal card data out of the computer RAM being used by the POS software.
Today’s POS systems also store card data. If the data is not protected according to the Payment Card Industry Data Security Standard (PCI DSS), all the stored credit card data is vulnerable to theft. Depending on the POS design and configuration, this could mean all the credit cards processed since the system was first installed. MacPOS does not store credit card data.
The E2E Alternative
E2E helps remove the entire POS and merchant network from the scope of PCI by eliminating plain text card data. This eliminates the need for complex and costly development of payment applications according to PA-DSS requirements.
With end-to-end encryption, credit card data is encrypted in a specialized card reader before passing it to the POS system. Mercury® uses a device that encrypts both swiped and manually entered card numbers. The data is not decrypted until it reaches our processing servers. Businesses using E2E never handle plain text cardholder data and have no way to retrieve it. If their systems are compromised, the data that is stolen is useless in its encrypted form and is considered out of scope of PCI compliance.
• Significantly reduce risk and PCI compliance requirements
• Simplify PCI compliance for merchants
• Reduce the cost of PCI compliance for merchants
• Provide the best overall card data security
Mercury Payment Systems
E2E: End-to-End Encryption secures card data the instant a card is swiped
E2E secures card data by encrypting it at the instant a card is swiped or manually keyed, and keeps it encrypted throughout the transaction. End-to-end encryption reduces the number of systems handling sensitive card data. When encrypting card readers are combined with support from a payment gateway or payment processor, sensitive cardholder data – and the PCI requirements to protect it – are eliminated from the point-of-sale (POS) system.
Today’s POS Systems
Today’s POS systems handle sensitive card data in plain text when it is initially entered. Modern malicious software is designed to steal credit card data by intercepting it as it is passed from peripherals, such as magnetic card readers and keyboards. Malware will even steal card data out of the computer RAM being used by the POS software.
Today’s POS systems also store card data. If the data is not protected according to the Payment Card Industry Data Security Standard (PCI DSS), all the stored credit card data is vulnerable to theft. Depending on the POS design and configuration, this could mean all the credit cards processed since the system was first installed. MacPOS does not store credit card data.
The E2E Alternative
E2E helps remove the entire POS and merchant network from the scope of PCI by eliminating plain text card data. This eliminates the need for complex and costly development of payment applications according to PA-DSS requirements.
With end-to-end encryption, credit card data is encrypted in a specialized card reader before passing it to the POS system. Mercury® uses a device that encrypts both swiped and manually entered card numbers. The data is not decrypted until it reaches our processing servers. Businesses using E2E never handle plain text cardholder data and have no way to retrieve it. If their systems are compromised, the data that is stolen is useless in its encrypted form and is considered out of scope of PCI compliance.
• Significantly reduce risk and PCI compliance requirements
• Simplify PCI compliance for merchants
• Reduce the cost of PCI compliance for merchants
• Provide the best overall card data security
