FAS is one of the very few systems in the floral industry to have ever
been certified for PCI compliance. FAS was originally certified for
PCI compliance in 2009. FAS's PCI compliance was recertified in 2015
by the Payment Card Industry Security Standards Council (Council).
The PCI Security Standard is a set of security policies, procedures,
and protocols developed by the Council in order to protect sensitive
cardholder data from fraudulent access and abuse. Computer data
breaches have grown exponentially over the last year, affecting
many of the largest retailers, banks, and other industries in the U.S.
All payment applications which "store, process, or transmit" credit
card data, including POS systems, credit card processing systems,
e-commerce web sites, etc., in all industries must ultimately
be validated as being PCI compliant in order to continue to
process credit cards.
In order to have a software application validated as being Standard-compliant,
a software vendor must submit its system to a Payment Application Qualified
Security Assessor (Assessor) authorized by the Council to perform system
security audits. The Assessor performs extensive tests on the systems to
verify compliance with the Standard. These tests involve running actual
transactions through the systems, generating reports, reviewing data-entry
screens, etc., and they involve forensic analyses of the server hard disk
and workstations to verify that prohibited data is not stored. These tests also verify
that sensitive data is properly encrypted using very high levels of encryption.
The Assessor submits his findings to the Council, which then makes the final decision.
Many floral systems have never been certified for PCI compliance and almost
certainly will never meet the demanding requirements for achieving compliance.
One cannot simply claim to be compliant without completing the rigorous audit
process described above.
More recently, FAS has raised its own security standards by incorporating the
latest EMV chip card credit card security technology into its systems. Secure credit
card devices facilitate end-to-end encryption which guarantees that credit card
data is instantly encrypted and that the data remains encrypted. Tokenization
is a process that involves substituting a token--a string of letters and
numbers--that represents the actual credit card data. These technologies
remove virtually any possibility of a data breach in your shop because plain-text
credit card data never exists in the memory or on the hard disk drive of your
server or workstation. The secure chip card reader allows you to process the
chip on a credit card, swipe the magnetic stripe on an older legacy card, and accept
contactless payments from customers' smartphones using Apple Pay and Android Pay.