Our advanced payment processing application (RPM) is always evolving, introducing the latest technologies, securities and user-friendly features.

There are now two ways to get the latest information about RPM

1) Once you have an account (as a client or demo account user) you can log into RPM by clicking the “Login” button at the top of our website, or by going to pos.e-xact.com. You can then view our latest updates by clicking “What’s New” in the top right-hand menu.

2) Now, to make this information available to ALL users and anyone interested in RPM, check for entries on our website that will contain the same information, but in a more universal format - outside of the application.

You can even subscribe to these updates with your RSS reader. Here’s What’s New for RPM this month:

January 24th, 2008

• User Preferences : “Home Page” option added. This allows users to set a default home page such as “Search” or “POS” after logon

January 17th, 2008

• Basic Search: Limited search to “Card Holder” and “Reference” numbers to improve performance. To search by “Card Number” and “Auth” number use “Advanced Search”
• Advanced Search: Removed ability to search by “All” to improve performance
• Search: When performing a tagged refund transaction from Search, 2 more reference fields have been added

Reports in the new year are fairly encouraging when it comes to PCI compliance. According to SC Magazine US, “The number of large corporations in adherence jumped from 12 percent in March 2006 to 77 percent by the end of last year, while medium-sized merchants improved by nearly 50 percent in the year beginning December 2006.”

That covers what are identified as Level 1 merchants, those generating 6 million or more Visa transactions annually. For Level 2, Visa confirms that 62% are compliant while that still leaves Level 3 merchants.

Level 3 merchants are traditional brick and mortar businesses but this also e-commerce/internet retailers.

The 2,596 so-called Level 3 e-commerce-only merchants, those submitting 20,000 to 1 million Visa transactions a year, had a 54% full validation rate as of Dec. 31, with another 20% having submitted an initial validation or were in remediation. [Digital Transactions]

Things are looking up in terms of being a credit card user and consumer who deals with merchants such as these. The responsibility is shifting more than ever over to the merchant as fines and levies are one thing, but they’re certainly not as hefty as security breaches which lead to potential loses in the millions. The cost of PCI compliance is certainly a justified expense for any business.

For more information about PCI compliance visit the PCI website and take the self-assessment. If you process transactions, whether it be online or through a brick and mortar business, feel free to contact us to find out about how E-xact can become your compliant payment gateway solution.

January 26, 2008

E-xact’s developers will be participating in Vancouver’s first ever RubyCamp, a day dedicated to all thing Ruby. As E-xact’s secure realtime processing solution, RPM, is built on Ruby technology, it’s the ideal opportunity for our team to share insights, and mingle with the local Ruby community.

RubyCamp is a free one-day gathering for Rubyists and Railers.

When and Where:
WorkSpace in downtown Vancouver, B.C., Canada
January 26th, 2008 from 9:00 am to 5:00pm

Who Should Come:
Anyone who’s interested in Ruby and Rails, whether you’re just interested in learning what this Ruby thing is all about or you know Ruby inside out.

The Conference Track:
A conference-style track with “classic” talks on Ruby or Rails topics. We’re looking for a few more speakers, send in your talk proposal!

The Hackathon Track:
An informal un-conference track focusing on hacking some Ruby code, showing off a cool feature you just added to your Rails application or demonstrating a new addition to Rails 2.0. If you’re interested in working on some code or showing off something, get started by promoting your ideas and get some buzz going.

A Weekend of Ruby:
There are two more reasons to come to Vancouver for those of you who are out of town. On the Friday before RubyCamp, Rails Advance is giving a one day Intermediate Ruby and Rails Workshop. On the Sunday after RubyCamp, Peter Armstrong is giving a one day workshop on Flexible Rails.

For more information visit the Vancouver RubyCamp website.

The latest screencast in E-xact’s Screencast Demo Series featured EPP - the new Enhanced Payment Plugin for Chase Paymentech. This is our custom-branded solution now offering enhanced security features, a sleek interface and rich merchant tools.

E-xact’s screencasts are available on our Screencasting page, or by visiting our new Viddler profile.

Back at work this morning after the holidays and for the first time in 2008, I picked up a copy of Digital Transactions while having my morning coffee. The issue was from November 2007 but featured “The 10 Most Pressing Issues in E-Payments”. Of particular interest on the list was 3. PCI And Data Security:

“The Payment Card Industry Data Security Standard (PCI DSS) has turned into the next Sarbanes-Oxley. What with a seemingly never-ending rash of card-data leaks, businesses are finding themselves under pressure as never before to shore up internal systems, stop collecting certain data from mag-stripe swipes, and keep themselves from becoming the next breach headline.” [Read more in the Digital Transactions archives].

It seems like 2007 was a breakthrough year in terms of the awareness of credit card data storage and fines however there is still an alarming number of companies who are not compliant. The year in review over at Search Security written by Mike Rothman quite frankly sums up 2007:

Looking ahead, it’s hard to envision 2008 being that different from 2007. We’ll see more data breaches, more disclosures and probably more legislation and regulation. Companies will continue to spend money to keep their auditors happy and stay one step ahead of the compliance reaper. But until we really see an organization raked over the coals because of a compliance violation, we’ll continue to deal more with the specter of compliance than the reality. [Search Security]

This quote is pretty harsh as it describes a more reactionary step toward compliance, rather than preventative. Companies can be confronted with as many scare-tactics as possible but PCI DSS is something that benefits your business and your consumers, and should be proactively considered.

The deadline for Tier 2 companies (those who process between 1 and 6 million transactions a year) was December 31, 2007. However, the PCI council does not impose fines - those come from credit card companies/payment brands like Visa (who has recently been named the “World’s Leading Credit Card” for the 10th year in a row [BusinessWire]).

For more information, tailored to merchants courtesy of Visa, visit their Cardholder Information Security Program website.

For more information about the Payment Card Industry Data Security Standard, read through the FAQ on the PCI DSS website.

This blog post is a part of the E-xact Transactions Ltd. PCI Blog Series.