Cardholder data breaches are real and are occurring more frequently than ever. It’s the reason PCI DSS compliance is such a big deal. The significant cost of a forensic investigation, the damage to a merchant’s goodwill and the fines assessed by the card brands can easily reach six figures and is often more than a merchant can afford.
Back in March we discussed how the use of purpose built payment terminals can minimize your data breach exposure by isolating sensitive cardholder data to systems that have very small attack surfaces which hackers are unlikely to penetrate. While diligently maintaining the data security posture of your own internal IT infrastructure continues to be of paramount importance, section 12.8 of the Payment Card Industry Data Security Standards (PCI DSS) version 3.1 specifically mandates that merchants must take steps to monitor the PCI DSS compliance of all third party service providers with access to cardholder data.
The Voice Authorization System (VAS) can be used to authorize a credit or debit card payment when your normal means of performing authorizations is unavailable or when you receive a “Call Center” response to a payment transaction.
It is important to understand that a “decline” response means the card issuer is unable or unwilling to provide an authorization on the cardholder’s account.