Standard and Certification PCI-DSS
Standard PCI-DSS is the acronym for Payment Card Industry Data Security Standard.
A set of technical and behavioral requirements finalized to guarantee the adoption of protection measures on cardholders' payment cards data, regardless of the purchase method (online or in shop).
The regulations have been developed by the founding members of PCI Security Standards Council, which include International Circuits such as Visa International, Mastercard Worldwide and American Express.
International Circuits have made the certification mandatory to the Standards PCI - DSS, for the protection of payment cards data, for Merchants and in general for those who register and elaborate cards data.
Discover more on mandatory certification PCI-DSS and how Nexi support its Merchants.
Security advices for points of sale
In order to accept card payments without risks and always be secure, few simple rules are enough.
In case of sospiciuos situations, please call Customer Service and require an authorization with "code 10".
Our operator will always be ready to suggest you to give you the right advise and support you to the best.
Security advices for online and distance sales
In order to accept in a secure way Card payments in case of internet, phone or mail orders, we have adopted security systems promoted by International Circuits Visa and Mastercard that require the use of protocolli 3D Secure e del codice CV2.
3D Secure fraud detection
The conventional name 3D Secure stands for security protocols Verified by Visa (VbV) for Visa Circuit and Mastercard Identity Check for Mastercard Circuit. The system requests the authentication of payment by the Customer: during every purchase made on your e-commerce website, the Customer could be asked to insert a dynamic security code – that will be received through SMS – to complete the operation. Once the authentication phase is completed, the transaction follows its normal authorizative way.
Being compliant with to 3D Secure means taht you increase the security of your Customers and you are exempted from any responsibility in case of fraud (except rules expected by International Circuits). Thanks to liability shift, infact, in case your Client does not recognize a purchase, the responsibility of the transaction would be on the Issuing Company. Liability shift is applied according to Visa and Mastercard rules detailed in the document Verified by Visa and Mastercard Identity Check – instructions and rules.
Download Verified by Visa and Mastercard Identity Check - instructions and rules
For detailed information on 3D Secure antifraud services, please visit the dedicated section in the Privates Area. We would like to rimind you that 3D Secure Service is free and that it’s mandatory to be compliant with it for e-commerce sales processed with Naxi.
The CV2 security code
Security Code CV2 (CVV2 per Visa, CVC2 per Mastercard) is composed by the last three digits present on the back of the credit card. Asking for CV” in phase of authorization it’s important to verify the buyer is really in possess of the credit card and guarantees a sensible reduction of frauds on your load.
In order to secure your remote selling, besides explaining to your customers what a security code CV2 is, you must require CV2 for all payments, send it together with every authorization request and make it visible only to your staff and to the authorization request.
Finally, you have to adeguate your procedures (forms, organization processes) in order not to preserve CV after authorization, to avoid being subject to penalties expected by International Circuits about the not correct storage of CV2 (the code infact must be destroyed after the authorization request).
Remember that it’s mandatory to require CV2 for both e-commerce selling and mail orders- telephone orders.