CounterPoint V7 and CounterPoint SQL are approved by Visa as CISP-Validated Payment Applications. CPGateway and CPOnline comply with the Payment Card Industry’s (PCI) Data Security Standards and are approved by Visa as CISP-Compliant Service Providers.
As CISP-Validated Payment Applications, CounterPoint V7 and CounterPoint SQL adhere to all Cardholder Information Security Program (CISP) and Payment Application Best Practices (PABP) guidelines. In addition, both versions of CounterPoint include numerous features that enable merchants to implement a fully CISP-compliant system.
CounterPoint's CISP-compliant security features include:
- Password security settings support CISP-compliant password policies.
- All passwords and credit card numbers are encrypted.
- Full credit card numbers are not displayed or printed; all card numbers are masked to display only the first 6 and the last 4 digits.
- Magnetic stripe track data is not retained in the CounterPoint database.
- CVV2/CVC2/CID data (i.e., verification numbers printed on each card) is not retained.
- Retention of full credit card numbers in history is optional; full card numbers retained in history are encrypted.
Keeping Your Software Compliant
CISP requirements will continue to change. To meet Visa's current and future CISP requirements, you must keep your CounterPoint software up to date.
CounterPoint Subscription Service (CSS) will keep your CounterPoint system compliant with Visa's ever-changing requirements. With CSS, you automatically receive new CounterPoint features and enhancements as they are added to the software.
Your Responsibilities
As a merchant who accepts credit cards, you are responsible for adequately securing your customers' cardholder information wherever it resides-on your computers, in a drawer, or in a filing cabinet. If you fail to do so, Visa and your bank-under the terms of your Merchant Processing Agreement-can hold you accountable for fines and for any losses they suffer from the fraudulent use of cardholder data obtained from your business.
CounterPoint software is only one part of your CISP-compliance obligations. CISP requires that you evaluate your business policies and incorporate security into your business practices. The documentation included with CounterPoint provides specific steps and recommendations for you to ensure CISP compliance. More detailed guidelines describing the 12 basic system requirements are outlined in Payment Card Industry Data Security Standards (PCIDSS). PCIDSS requirements include using current anti-virus software, issuing passwords to your employees, not retaining card magstripe data, using a firewall if your system is connected to the Internet, and so forth.
CISP compliance is a very serious matter. Non-compliance can cost you money, time, and reputation. If your systems are not CISP-compliant, your business is at extreme financial risk. Contact your CounterPoint Business Partner for more information.
