PCI DSS for Microgaming Casino Transactions
Microgaming, a company that supplies software to online casinos, has a strong incentive to develop the best protection standards for its products. To provide a trusted service, this supplier fully complies with the standards developed by the PCI Council.
PCI DSS is a set of specific requirements for payment operations that helps build a reliable service. These standards apply to all commercial organizations that handle online transactions (i.e. process, send or receive sensitive financial information).
Payment Card Industry Security Standards Council
The Council began its work in 2006; it was launched by the most widespread payment brands: Visa, JCB International, American Express, MasterCard and Discover. It serves merchants, commercial organizations and software developers, everyone who accepts plastic card payments.
The main purpose of this body is to have the necessary standards implemented in financial institutions, providing better maintenance and a stronger security system.
Card Payments at Microgaming Casinos: How Do They Work?
Clients of Microgaming casinos often use plastic cards to deposit or withdraw funds. Each card has a PAN, or Primary Account Number, which consists of 16 digits (printed across the middle of the front side). The first 6 of these digits are the bank identification code, which identifies the organization that issued the card.
So when a gambler needs to deposit cash at one of the Microgaming casinos, he/she types the card number, the expiration date (mm/yy) and the CVV1 code (3 characters on the back) into the form on the casino's web page. The data is sent to the bank in encrypted form, confirmation of the completed payment comes back to the online gambling house, and the gamer then has the corresponding sum on the account balance.
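The following is an added example, not code from the original article or from Microgaming, showing how a merchant front end would handle the card data described above in the way PCI DSS expects: validate the 16-digit PAN before sending anything to the bank, derive the issuer's bank identification code from its first 6 digits, and keep only a masked PAN afterwards, never the CVV. The Luhn checksum is the standard PAN check digit and is an addition here; the form structure and the sample values are constructed (4111 1111 1111 1111 is a widely published test card number, not a real account).

```python
# Added example: PAN handling for a card deposit form under PCI DSS.
# PAN layout follows the article (16 digits, first 6 = bank identification code).
# Luhn check, form layout and sample values are assumptions/constructed here.
import re
from dataclasses import dataclass

PAN_RE = re.compile(r"^\d{16}$")


def normalize_pan(raw: str) -> str:
    """Strip the spaces/dashes a player types into the form; keep digits only."""
    return re.sub(r"[\s-]", "", raw)


def luhn_valid(pan: str) -> bool:
    """Standard Luhn checksum: catches typos before the PAN ever leaves the form."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def bin_of(pan: str) -> str:
    """Bank identification code: the first 6 digits, identifying the issuer."""
    return pan[:6]


def mask_pan(pan: str) -> str:
    """PCI DSS display masking: at most the first 6 and last 4 digits stay visible."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


@dataclass
class DepositForm:
    pan: str
    expiry: str   # mm/yy as typed by the player
    cvv: str      # 3-character code from the back of the card


def validate_form(form: DepositForm) -> list[str]:
    """Return a list of validation errors; an empty list means the form is well-formed."""
    errors = []
    pan = normalize_pan(form.pan)
    if not PAN_RE.match(pan):
        errors.append("PAN must be 16 digits")
    elif not luhn_valid(pan):
        errors.append("PAN failed checksum")
    if not re.match(r"^(0[1-9]|1[0-2])/\d{2}$", form.expiry):
        errors.append("expiry must be mm/yy")
    if not re.match(r"^\d{3}$", form.cvv):
        errors.append("CVV must be 3 digits")
    return errors


def record_for_storage(form: DepositForm) -> dict:
    """What the casino may keep once the bank has answered: masked PAN, expiry
    and issuer code. The CVV is deliberately absent (PCI DSS forbids storing it
    after authorization) and the full PAN is not retained either."""
    pan = normalize_pan(form.pan)
    return {"pan_masked": mask_pan(pan), "bin": bin_of(pan), "expiry": form.expiry}


if __name__ == "__main__":
    form = DepositForm("4111 1111 1111 1111", "12/29", "123")
    print(validate_form(form))        # []
    print(record_for_storage(form))   # masked PAN 411111******1111, no CVV
```

The point of `record_for_storage` is that the data model itself cannot hold the CVV: if the field does not exist in the stored record, no later code path can leak it, which is far easier to demonstrate to an assessor than a policy that says "we delete it".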
Main Control Objectives and PCI DSS Requirements
The Council has set specific objectives, each with requirements assigned to it, which show the main points for succeeding in protecting cardholders.
• Creating and maintaining a secure network;
  – Installing a strong firewall to protect client info
  – Not using vendor-supplied defaults as passwords
• Enhanced protection of the client's information;
  – Using encryption when transmitting personal data
• Preventing and fixing vulnerabilities;
  – Using up-to-date anti-virus software
  – Developing secure systems and applications
• Implementing strict access control measures;
  – Restricting access to cardholder info by unauthorized parties
  – Assigning a unique ID to everyone who has computer access
• Constant monitoring of the networks;
  – Tracking and analyzing all access to resources storing financial data
  – Performing regular tests of the security processes
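As an added example (not from the original article), the following check ties together two of the items above: every access to a resource storing financial data must be attributable to an individual ID, and only authorized parties may reach cardholder data. It parses a constructed access log for a cardholder-data store and raises an alert for shared accounts, for users outside the authorized group, and for bulk reads. The log format, account names, store names and thresholds are all assumptions made for the example.

```python
# Added example: reviewing access logs of a cardholder-data store.
# Log format, user names, store names and thresholds are constructed here.
import re
from typing import Optional

LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"store=(?P<store>\S+) action=(?P<action>\S+) rows=(?P<rows>\d+)$"
)

# Constructed policy: who may touch the cardholder store, and which account
# names are generic/shared and therefore break the "unique ID" requirement.
AUTHORIZED = {"alice.payments", "bob.payments"}
SHARED_ACCOUNTS = {"admin", "root", "dba", "service"}
CARDHOLDER_STORES = {"cardholder_db"}
ROW_ALERT_THRESHOLD = 1000   # bulk reads of card data deserve a look


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["rows"] = int(rec["rows"])
    return rec


def review_access(lines: list[str]) -> list[str]:
    """Return one alert string per suspicious access to a cardholder store."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            # Unparseable lines are themselves a finding: logging must be reliable.
            alerts.append(f"unparseable log line: {line.strip()!r}")
            continue
        if rec["store"] not in CARDHOLDER_STORES:
            continue   # only resources storing financial data are in scope here
        who = rec["user"]
        if who in SHARED_ACCOUNTS:
            alerts.append(f"{rec['ts']} shared account {who!r} accessed {rec['store']}")
        elif who not in AUTHORIZED:
            alerts.append(f"{rec['ts']} unauthorized user {who!r} accessed {rec['store']}")
        if rec["rows"] >= ROW_ALERT_THRESHOLD:
            alerts.append(f"{rec['ts']} bulk read of {rec['rows']} rows by {who!r}")
    return alerts


# Constructed sample log: no real users, hosts or systems.
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z user=alice.payments src=10.0.1.5 store=cardholder_db action=SELECT rows=3",
    "2024-05-01T10:02:17Z user=dba src=10.0.1.9 store=cardholder_db action=SELECT rows=2500",
    "2024-05-01T10:05:42Z user=carol.marketing src=10.0.2.7 store=cardholder_db action=SELECT rows=40",
    "2024-05-01T10:06:00Z user=carol.marketing src=10.0.2.7 store=campaign_db action=SELECT rows=9000",
    "garbage line",
]

if __name__ == "__main__":
    for alert in review_access(SAMPLE_LOG):
        print(alert)
```

Note that the large read from `campaign_db` produces no alert: the check is scoped to the resources that actually hold financial data, which keeps the output reviewable. The shared `dba` account is flagged even though a database administrator may legitimately need access; the requirement is that the access be tied to a named individual, not that administrators be locked out.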
Compliance Audit
To check the compliance of Microgaming and other companies that store, send or receive financial information from customers with the PCI rules, the organization has developed a special assessment.
During such an audit, a Qualified Security Assessor reviews whether a particular commercial enterprise has met all the requirements.
The main condition for passing validation is to provide strong defensive solutions, with mitigation plans that cover the vulnerabilities of SSL and early TLS protocols, or to stop using them altogether because of their insecure encryption.
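The kind of evidence an assessor looks for on the SSL/early TLS point is that connections carrying card data refuse the old protocols. The example below is added here and is not from the article or Microgaming: it builds a client TLS context with TLS 1.2 as the floor (for the encrypted leg to the bank described earlier) and reviews a constructed inventory of endpoints against the same policy, listing the protocol versions that must be disabled or covered by a mitigation plan. The endpoint names and offered versions are made up for the example.

```python
# Added example: TLS floor for card-data connections and an inventory review.
# Endpoint names and protocol lists are constructed; the policy mirrors the
# article's point that SSL and early TLS must be mitigated or switched off.
import ssl

LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}   # SSL and early TLS
ACCEPTED = {"TLSv1.2", "TLSv1.3"}


def hardened_context() -> ssl.SSLContext:
    """Client context for talking to the bank/acquirer: TLS 1.2 is the minimum,
    and certificate verification stays on (create_default_context enables it)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_compliant(ctx: ssl.SSLContext) -> bool:
    """True if the context refuses SSL/early TLS and still verifies certificates."""
    return (ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
            and ctx.verify_mode == ssl.CERT_REQUIRED)


def review_inventory(inventory: dict[str, set[str]]) -> dict[str, list[str]]:
    """inventory maps endpoint name -> protocol versions it currently offers.
    Returns endpoint -> versions that are legacy or otherwise not accepted."""
    findings = {}
    for name, versions in inventory.items():
        bad = sorted(v for v in versions if v in LEGACY or v not in ACCEPTED)
        if bad:
            findings[name] = bad
    return findings


# Constructed inventory of a hypothetical casino's card-handling endpoints.
SAMPLE_INVENTORY = {
    "deposit-form.example": {"TLSv1.2", "TLSv1.3"},
    "legacy-cashier.example": {"TLSv1", "TLSv1.1", "TLSv1.2"},
    "reporting.example": {"SSLv3", "TLSv1.2"},
}

if __name__ == "__main__":
    print("client context compliant:", context_is_compliant(hardened_context()))
    for endpoint, versions in review_inventory(SAMPLE_INVENTORY).items():
        print(f"{endpoint}: disable or mitigate {', '.join(versions)}")
```

An endpoint that offers TLS 1.2 alongside TLS 1.0 still appears in the findings: a client can be downgraded to whatever the server is willing to speak, so the old versions have to be removed from the server side, not merely avoided by well-behaved clients.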
Qualified Security Assessor (QSA)
The QSA is a specially assigned person who is in charge of auditing commercial institutions. This assessor checks the work of Level 1 merchants (those who have completed more than 6,000,000 transactions per year). During this process, the auditor fills in documents that serve as verification of conformity.
Self-Assessment Questionnaire (SAQ)
The purpose of the SAQ is to help providers of commercial services form a self-estimate of whether they meet the PCI DSS conditions. It is a validation form for those who aren't obliged to submit a ROC. Thus, companies are able to self-attest that they correspond to the necessary requirements.
Report on Compliance (ROC)
According to the described standards, all Level 1 Visa merchants must complete a special form (a Report on Compliance) to successfully pass the assessment. This document shows that a company has a good security system which can impede the hijacking of cardholders' personal information. It is filled in by the QSA and then sent to the acquiring bank, after which Visa issues the conformity verification.
Merchant Levels for PCI DSS
Nowadays, four ranks are singled out that can be assigned to an organization that deals with credit/debit cards. The level depends on the number of purchase/selling operations per year.
The Payment Card Industry developed this system to determine what defensive measures must be assigned according to the level, in order to minimize the risks.
Level 1
Standard for merchant organizations:
• Completing more than 6 million transactions (via Visa) a year;
Verification terms:
• Filling ROC (by assessor);
• Regular network scanning (every quarter) by ASV;
• Declaration of conformity.
Level 2
Standard for merchant organizations:
• 1-6 million money operations (made via MasterCard or Visa) per year.
Verification terms:
• SAQ;
• Regular network scan (done by ASV);
• Declaration of conformity.
Level 3
Standard for merchant organizations:
• 20 thousand to 1 million MasterCard or Visa online money operations.
Verification terms:
• SAQ;
• Regular ASV scans;
• Declaration of conformity.
Level 4
Standard for merchant organizations:
• <20,000 MasterCard or Visa online transactions.
Verification terms:
• SAQ;
• ASV scan;
• Declaration of conformity.