Merchant Capture Audit: Fill & Download for Free

The key issue you need to understand in this context is your particular PCI compliance level as a merchant (Level 1 to Level 4). Your PCI level depends on the number and volume of transactions you are processing, and on how you are processing them.Let us assume, you have an existing platfrom that you are integrating with a PCI compliant payment gateway. In order to capture card data you are using hosted payment pages of the gateway. If you need to store card data, the gateway stores it for you. And, of course, you are processing transactions through this gateway. In this case your software does not “touch” card data, and you do not store it, while the gateway already has its own AOC (attestation of compliance). The only thing you have to do is complete an SAQ (self assessment questionnaire, already mentioned by Josh in his answer). If you need to know, which particular type of SAQ you need to complete, you’d better consult PCI specialists. The important thing is: you do not need to go through formal PCI audit and pay for it.Now let us assume, that for some reason your process is different. Say, you are not using payment pages, but instead you have a mobile app or some script that handles card data, and you are not sure whether you remain out of PCI scope. In this case you need to double-check this matter.If for some reason you are storing card data in your database or HSM (tokenization applianse), that you own, then your level will depend on your transaction volume and your ownership of the data (as you may store data on behalf of other merchants). In this case, SAQ may be insufficient to ensure your PCI compliance.Heres are several articles on the subject, that may prove useful: PCI Compliance Levels - Paylosophy, Payment Concepts: Cardholder Data Flow - Paylosophy, HSM, Tokenization Appliance, or both?.Consider reviewing our latest video about choosing the right payment solution that may prove helpful:

It is one of the many ironies of history that a religious order so poor at its inception that the very word “poor” was incorporated in its name (the Poor Knights of the Temple of Solomon at Jerusalem) should not only gain wealth but become famed for its financial services. Cynics looking at the record of the Knight Templar might even be justified in suggesting that the Templars were better bankers than fighters.It all started quite humbly and, I believe, innocently. In an age where there was not yet paper money, much less online and mobile banking, liquid capital took the form of metal, primarily gold and silver, coins. These coins were bulky, heavy and valuable to anyone, so very tempting to thieves. Anyone in the Middle Ages in possession of gold or silver coins was at pains to protect it in some way, either by hiding it or placing it in “treasuries” of some kind, with locks and metal bindings, preferably in a deep cellar or high tower, guarded by reliable thugs.Life being what it is, however, not everyone had reliable thugs to protect their gold and silver. So it became the practice for people of a civil occupation (i.e. without large numbers of armed men at their disposal) to place their valuables in “safekeeping” with religious institutions because these were supposed to be immune from theft and robbery. Unfortunately, religious houses being by definition home to men who did not pursue the profession of arms yet known to be in possession considerable gold and silver, became particularly attractive targets for sack and pillage by heathen, irreligious or merely desperate armed men. (e.g. Viking raids on monasteries and churches, and the sack of the like by desperate mercenaries and kings.)The establishment of the Knights Templar, however, provided a perfect solution to the problem of keeping large sums of gold and silver safe. Here was a religious institution with its own highly-trained and fierce fighters. Within a very short space of time, Templar houses from Ireland to Jerusalem had become the preferred place to deposit liquid capital assets (gold, silver, and jewels) for safe keeping.The Templars dutifully assumed responsibility for the safe-keeping of these valuables, without ― it should be well noted ― charging interest for such services or using the money for their own purposes. As Helen Nicholson writes (The Knights Templar: A New History. Sutton Publishing, 2001, p. 163): “Money deposited with [the Templars] was not pooled and reinvested, but remained in its owners’ strongboxes within the Order’s treasury, and could not be accessed without the owners’ permission.”The Templars, it should be noted, took this duty to protect money deposited with them very seriously. The most famous example of their diligence in this regard occurred during the Seventh Crusade when King Louis IX of France was taken captive along with the bulk of his nobles and knights. A ransom was at length negotiated (characteristically for a man who would be a saint, King Louis bore the full financial burden for the men captured with him), but when the royal treasury was counted the French found to their dismay that it was short some thirty thousand livres.The Seneschal of France, Jean de Joinville, realizing that the Templars must have that much money aboard their flagship, promptly requested that the Knights Templar advance the sum to the King of France, so he and his leading nobles could escape captivity. The Templars refused because it was not Templar money and they had sworn not to release it to anyone without the owner’s permission. The threat of force by Joinville persuaded the Templars to bend the rules a little, but less dire circumstances would have made a threat of force against the Templars nearly unthinkable and their surrender even less so.From accepting deposits to transporting those deposits was only a short and logical step. The Knights Templar rapidly built up a network of houses and commanderies stretching from the Atlantic Ocean to the River Jordan. They were constantly sending armed men from one place to another and their raison d’être was the protection of pilgrims. So what could have been more natural than that they would take on the job of transporting money from place to place ― a sort of medieval Brinks armored service?But, then again, why risk and expend resources carrying heavy coins around, when a letter would do the same thing? So the “letter of credit” was invented. Now people could deposit money at the nearest Templar establishment, and withdraw the same amount of money (adjusted, of course, for currency conversion) in a different town, province or kingdom! This was truly a brilliant innovation, but only made possible by the fact that so much money was being deposited all across Christendom and the Temple itself was earning so much money from its own properties and business that they were now (by the late 12th century) truly in possession of sufficient cash in any major house to meet demand.Not that Templar resources weren’t occasionally strained. When King Louis VII of France (the great-grandfather of Louis IX) washed up in the Holy Land having lost the bulk of his army and all of his treasury in a disastrous overland crusade, the Knights Templar loaned him so much cash to cover his expenses during the remainder of his time in the Holy Land that it “brought the Order close to financial ruin.” (Barber, Malcolm. The New Knighthood: A History of the Order of the Temple. Cambridge University Press, 1994, p. 271.)But by then, the Templars and the French crown already had a symbiotic relationship that lasted roughly 100 years ― until Philip IV decided to bite the hand that fed him and unscrupulously attacked, tortured and destroyed his former friends. During the preceding hundred years, however, the Temple in Paris served as the treasury of France. Period. The royal treasurers were all senior officials of the Temple, and the French treasury was housed in the Paris Temple.Although in no other kingdom was the relationship quite so close, many other monarchs likewise appointed Templars to serve as their financial managers. In England, a Brother Geoffrey of the Knights Templar was appointed by Henry III to manage all his personal expenditure. The Kings of Scotland, Ireland, and Aragon and many popes did the same at various times. Yet while the Templars were frequently found in the role of “almoner” ― i.e. the person who dispenses royal largess ― they were also often entrusted with collecting money as well.Thus the Templars were made responsible for raising the “Saladin Tax” levied on every household in England to support the war in the Holy Land. The Popes also entrusted them will collecting exceptional tithes, usually those in association with the defense of the Holy Land in some way. There were also instances where the Templars were simply employed as reliable agents, men who had a reputation for scrupulous honesty combined with effective military might, to collect purely secular dues, such as customs duties in Ireland.When they weren’t directly involved in collecting or distributing funds for royal or papal authorities, their, by now formidable, reputation as sophisticated accountants earned them the task of auditing the accounts of others. In short, if a monarch, lord or bishop had any reason to doubt the accounts his own servants put before him, he could turn to the Knights Templar and ask them to audit said accounts.Although the evidence left to us is fragmentary, it is sufficient to confirm that the Templars were indeed by the mid-thirteenth century very sophisticated accountants. They had to be in order to keep track of all the money they managed from so many different sources. Debts and credits were carefully noted in parallel accounts with sources and destinations meticulously noted. Receipts and books were signed by individual cashiers ensuring accountability. Templar money could not ― and did not ― simply disappear or get lost.But at some point along the way, doing all those services for others turned into a business and a function in its own right. From rescuing crusading kings in financial distress (1150) to offering loans to merchants for purely commercial purposes (1300) was not so great a step, perhaps, but it was a significant one nevertheless. The once incorruptible “poor knights” of the early 12th century, had become the “money-lenders in the Temple.” From providing the poor with protection (for their goods as well as their person) they had become tax-collectors for kings and “money-grubbing” financiers. That loss of innocence and reputation, along with the loss of their justification for being ― the Holy Land ― undoubtedly contributed to their downfall.As to their contribution to “banking,” the Italian banking houses were emerging at roughly the same time, but it would take considerable in depth research to determine who was imitating who, and where the greatest innovation originated. It is fair to say, however, that the Templars were often at the cutting edge of financial services in their own time and thereby helped the evolution of banking during this period.

Thanks for A2A.hack is too broad so let’s consider all possible attacks,Stealing the card: not protected, unless your card requires a PIN (eg in Europe). But PIN is typically required based on complex rules such as amounts and in future may depend on several other inputs.Unsuspectingly skimming card information: for eg you have a card in wallet / pocket / purse, and someone taps their skimming machines / apps too close to your card. This is super complex but possible in public transits, if cards aren’t safely kept. (Same controls exist as above)Skimming card machines: these are by far the most dangerous and potential threats. In high risk areas, at public places such as hotels and airports some stores and ATMs have been hacked where the original equipment gets covered by PIN capture. These machines pass the input of your PIN entry to say, ATM but also store it. Thereby reading the card information as well as PIN information. Also, this may be super complicated with Tap and lot simpler with Magnetic stripes. (Unless they manage to get you to retry tapping). This is physical equivalent of soofing for password. This is also very high risk operation for fraudster since law enforcement will have pretty good trail back to fraudster.Malicious / hacked merchant: this is easiest of all. You shop at a merchant who hasn’t implemented all the right controls and your card information is logged or transmitted to unsuspecting fraudster.The card can be used for e-commerce purchases. that’s the common hack that you hear from poor controls at merchant. The problem isn’t with Tap but with e-commerce here.Technically, fraudulent / malicious code can transmit entire secure data along with card number to fraudulent merchant who than makes fake in-store transactions (and original merchant transaction fails): this would be a fools errand. The fraudulent merchant may receive money only two days after this transaction. But cardholder at the original merchant will call their bank for failing transactions, and bank will see successful transaction causing audit and likely catching the merchant before they get the money. Acquirer of that fraudulent merchant may be in major trouble as well.So while hacking is possible most viable / scalable attacks are not with Tap technology but with cards not managed by merchants / consumers securely. In all those scenarios, there are sufficient controls in place that make card usage the biggest source of payments in store / online - directly or indirectly (other than cash).PS: Opinions above are my personal and not backed by current, past or future employers.