I've talked in this space before about online fraud and near-field communication (NFC) as they relate to securing campus payment systems. This month's topic touches on both of those and expands the conversation to include the role contactless payments play in compliance.
Chip cards protect transaction information at the point of sale. With contactless payments, there's no account data to protect in the first place, because the merchant never receives it. Tokenization and NFC are connected because both Apple Pay and Android Pay utilize these technologies. Users provide their actual account numbers when they set up either type of account, but it's the stand-in tokens stored on their phones or contactless cards, rather than the actual account numbers, that are passed on to merchants. As a result, even if scam artists gain access to a token, it's useless.
Since data breaches and identity theft are constantly in the news, some consumers are still reluctant to use contactless payment methods because they perceive digital payments to be less secure. But whether they know it or not, early adopters who already embrace contactless payments have taken a big step toward keeping their data safer.
So contactless payments are safer for consumers, but how does that affect merchant compliance? The secret's in the PCI-related paperwork. Compliance Self-Assessment Questionnaires (SAQs) are complicated to navigate, but with the right software and hardware, merchants can reduce their questionnaires significantly. They can even avoid them altogether if they have a processor who can apply for SAQ exemption status on their behalf.
For a processor to successfully help a merchant apply to skip the SAQ, the merchant has to meet the various credit card companies' requirements. These differ across card networks but in general require merchants to have:
- Up-to-date PCI DSS compliance already on file.
- Equipment capable of processing contactless payments already in place.
- Zero breaches of cardholder data.
Taking the steps to switch to contactless payments is more than just keeping up with the latest cool technology. It offers a greater level of data security, delivers the best experience for your students, and ensures compliance while potentially reducing your PCI paperwork. So, maybe compliance can be cool!