A Guide to Eliminating PA-DSS and Making EMV Easy

FACT SHEET

Four major concerns of Value-Added Resellers (VARs), Independent Software Vendors (ISVs) and businesses that accept cards: The high cost of achieving and maintaining PCI, specifically PA-DSS; the risk and responsibility of handling card data; keeping up with card brand mandates and emerging payment technologies; and the high cost and complexity of developing and certifying EMV.

Payments and PCI PA-DSS Scope Benefits of Getting Out of Scope DEFINITIONS Traditional POS system configuration: The VAR or ISV’s scope is eliminated if PIN pad sends the transaction to the all card acceptance and processing is Payment Card Industry Data POS system completed at the acceptance device Security Standard (PCI DSS) is a set of security procedures POS system sends the authorization There is no need for POS system to from the PCI Security Standards request to the acquirer and receives certify for PA-DSS validation Council for businesses that an authorization back from the acquirer PCI compliance and payment accept credit cards. It includes In this configuration, the POS system mandates are maintained by guidelines for user and business are in PA-DSS scope Heartland and our solution partners authentication, firewalls, and responsible for EMV certification Eliminating card data does not take antivirus, encryption, Out-of-Scope configuration: a business out of PCI scope but truncating account numbers, This takes the POS system out of the does eliminate their PA-DSS scope programming maintenance and vulnerability testing. payment authorization process—no By way of encryption and “out of cardholder data is sent to the POS scope,” the merchant’s reply to the Payment Application Data PIN pad receives a prompt from PCI SAQ P2PE-HW questionnaire is Security Standard (PA-DSS) the POS system to start payment simplified—only 18 of 230 questions is a set of requirements that are intended to help software acceptance Heartland Solutions vendors develop secure Once the cardholder information has Heartland, a leader in secure payment payment applications that been collected, the PIN pad sends acceptance, has solutions for VARs, support PCI DSS compliance. the transaction directly to the acquirer ISVs and businesses accepting cards for approval instead of the POS system that eliminate or reduce scope as EMV stands for Europay, PIN pad receives the authorization well as pave the path to seamlessly MasterCard and Visa, a global response from the acquirer and implementing EMV. Combined standard for interoperation passes it onto the POS system with Heartland Secure™, we help our of integrated circuit cards (IS cards or “chip cards”) and customers to be more secure in Implementing EMV Seamlessly IC card capable point-of-sale knowing that Out of Scope is a reality— Our Out-of-Scope offerings eliminate (POS) terminals and automated and EMV does not need to be painful. the need for POS systems to develop to teller machines (ATMs), for Heartland for EMV acceptance and bear Heartland Secure is end-to-end authenticating credit and debit card brand costs associated with EMV encryption, EMV and tokenization. card transactions. certification. This speeds time to market It eliminates PA-DSS and minimizes for EMV acceptance and greatly reduces PCI scope by encrypting card data costs associated with EMV support. within a secure acceptance device, taking the card data out of the transaction and the business’s ecosystem. No card data. No risk.

For more information, call 888.904.6773 or visit heartlandpaymentsystems.com