Compliance Transparency and accountability you can rely on
Compliance, What EVERY Merchant Needs to Know!
Identity theft and data security have become so prevalent today that protecting yourself as a business and individual is critical. Accepting electronic payments brings on a whole new level of risk. You may have noticed the headlines in the Wall Street Journal (August 6th, 2008 edition): “Federal prosecutors charged 11 men in five countries with orchestrating a high-tech operation that stole more than 40 million credit card numbers from U.S. retailers including TJX Cos. (T.J. Max), Barnes & Noble Inc., Office Max Inc., and Sports Authority. The case is the biggest identity-fraud heist ever prosecuted in the U.S.” Furthermore, several Merchant Service providers have had thieves hack into their databases and steal card data. Click here for an article to read about Huntington Bank and RBS Worldpay, processor for Charter One Bank, who both had their millions of their client’s card data stolen.
Not only do you need to be concerned with the information you keep on file, but you should be very concerned about the company you have chosen to provide your credit card processing.
As a leading provider of credit card processing and equipment, National Payment Corporation has taken every step to ensure our security as a vendor and credit card processor. At the same time, we would like you to be as informed as possible to ensure your safety. Please review the information we have put together about identity theft and data security technology and programs.
There are several requirements of compliance. Please click on each category for more information.
PCI DSS Payment Card Industry (PCI) Data Security Standard (DSS)
PCI DSS is a worldwide security standard set by the PCI SSC (Payment Card Industry Security Standards Council). These are technical and operational requirements that were created to help organizations that process card payments to prevent credit card fraud, hacking, and various other security vulnerabilities and threats. The standards directly affect merchants and the terminals they are using.
PCI PED Payment Card Industry (PCI) PIN Entry Device (PED)
PCI PED is a compliance mandate for PIN (Personal Identification Number) Pads aimed at creating a more secure PIN based debit transaction. This requirement is meant for manufacturers that sell PIN pads and terminals with internal PIN pads. The PCI SCC (Payment Card Industry Security Standards Council) has set technical specifications for the PIN entry devices and has developed a standard testing process that aims to standardize rules for each of the PCI members (Visa, MasterCard, Discover, American Express, and JCB).
FACTA (FACT ACT) Fair and Accurate Credit Transactions Act.
It is every merchant’s responsibility to understand and comply with FACTA, and, in general, to protect the customer’s cardholder information. In addition, your business may be subject to other state laws that impact the information you may print on receipts. It is a good business practice to check the laws for your state to determine if you are compliant.
FACTA is a federal law that states that “no person that accepts credit cards or debit cards for the transaction of business shall print more than the last 5 digits of the card number or the expiration date upon any receipt provided to the cardholder at the point of sale or transaction.” 15 U.S.C 1681(c)(g).
MasterCard Tools for Security Success
Merchants must follow specific data security requirements in order to accept MasterCard cards. MasterCard Worldwide rules and recommendations apply to all transactions – whether they occur in a store, online, or over the phone.
Visa Fraud Control Basics
Visa offers merchants a variety of materials for fraud prevention, security, and risk management. Scam artists today are savvy to the security features and processes involved transactions and merchant must take extra precautions.
American Express Fraud Reduction Guidelines
Compromised data impacts consumers, merchants, and card issuers. Even one incident can severely damage a company’s reputation and impair its ability to effectively conduct business. Addressing this threat by implementing the American Express Data Security Operating Policy can help improve customer trust, and has the potential to increase profitability as well as enhance a company’s reputation. Your customers can feel more secure and so can you.
Data contained on this page is for informational purposes and is based on the latest information available to us. National Payment Corporation cannot and does not endorse nor warrant completeness or accuracy of data provided by other websites.
- PCI DSS
- PCI PED
- MasterCard Tools for Security Success
- Visa Fraud Control Basics
- American Express fraud reduction guidelines