PDQ Manufacturing is dedicated to protecting wash operators. PDQ's Access Customer Management System (CMS) has been validated as being PA-DSS (Payment Application Data Security Standards) compliant. This validation helps wash operators meet compliance with the Payment Card Industry Data Security Standard (PCI DSS) by minimizing the potential for security breaches and compromised credit card information. PA-DSS encourages practices that protect stored data, tightens security access, and eliminates full magnetic stripe data retention.
Back in June of 2008, PDQ Manufacturing was the first car wash manufacturer to provide a high-speed compliant payment application for your car wash. Today, we continue to provide operators with a compliant product by maintaining our software with the strict standards set forth by the PCI Security Standards Council. To view all compliant providers, please see searchable List of Validated Payment Applications the searchable List of Validated Payment Applications on the PCI Security Standards Council's website. For more information on PCI compliance and how/when it will affect you, please visit the PCI Security Standards Council's website or contact your merchant service provider.
Why PA-DSS Compliance is Important
Being PA-DSS compliant validates that a specific device adheres to the standards set forth by VISA's CISP (Cardholder Information Security Program) and that credit card information stored, transmitted or processed by those devices is done so in a secure fashion. Using PA-DSS compliant devices at your location will assist you in becoming PCI certified by following the guidelines laid out by the PCI DSS. These standards help minimize the potential for security breaches and compromised credit card information, which you as the merchant are ultimately responsible for.
Watch a video on why compliance is important
Credit Card Security and the Access Unit
Beginning January 1 st, 2008, merchant acquirers began requiring level 4 merchants to adhere to a new payment security standard. Due to these security requirements, PDQ has changed the software in the Access S, B, and N Series to be compliant, which will affect the credit card payment processors that carwash operators (merchants) can use.
In previous version of software, PDQ supported five payment processors domestically:
- TSYS/ VITAL
- RBS Lynk
- Concord EFSnet, Data Merchant Services
- Alliance Data Systems
- FDR Omaha
To be compliant, PDQ only supports a direct connection to the following payment processors:
- First Data (Concord EFSnet)
- Plug-n-Pay (gateway)
- Authorize.net (gateway)
Those customers currently using Tsys, RBS Lynk, Alliance Data Systems, or FDR Omaha should consider speaking with their merchant acquirer (the CC processor) or service provider to determine if the acquirer supports one of the above platforms.
Through an Authorize.net account , carwash operators will be able to process credit cards through the following payment processors:
- FDC, aka First Merchant Services FDMS, Nashville or Envoy processing platforms
- FDCO aka FDR-First Data Resources, Omaha
- Global Payments, aka GPS, GPN NDC or Global East Information Systems
- RBS Lynk / Lynk Systems
- Elavon, Formally known as Nova
- Paymentech (Tampa processing platform)
- TSYS Acquiring Solutions (SM). aka VITAL and Visa Net
Transaction fees may vary by the merchant acquirer selected. Carwash operators should contact several acquirers or service providers for competitive quotes. Please note that acquirers may not support all the payment processors listed above.
DataTran processing will not be available going forward. Carwash operators using DataTran dial-up modems will be required to replace the DataTran modem with a dial up modem and obtain an ISP (Internet Service Provider) if it is not currently present on-site. The second option would be to update the ISP to a broadband connection and process transactions through a high speed connection.
The following merchant acquirers can process credit cards currently using the Concord EFSnet platform and can create merchant accounts for Access operators.
A PA-DSS compliant software download is available to all current Access CMS2 customers. Please consult with your local distributor regarding this software or login to your account to download a copy.
Qualified Security Assessors
Qualified Security Assessors (QSA) are security consultants providing phone or on-site data security assessments for PCI DSS Compliance. PDQ recommends hiring a QSA if the merchant (wash operator) is unaware of the requirements and actions necessary to become PCI compliant. Businesses seeking assistance with becoming PCI compliant can contact a Qualified Security Assessor from a listing published on the www.pcisecuritystandards.org or www.visa.com/cisp websites.