PCI

The PCI Data Security Standard represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information. Initially created by aligning Visa’s Account Information Security (AIS)/Cardholder Information Security (CISP) programs with MasterCard’s Site Data Protection (SDP) program, the standard provides an actionable framework for developing a robust account data security process – including preventing, detecting and reacting to security incidents.

• Recent Survey’s have shown that there are over 50% in compromises in the food service industry and over 25% in the retail environment. Cardholders’ information must be secured and protected from any kind of breach. Failure to do so can result in financial penalties that may potentially ruin the business you worked so hard to establish.

What are my responsibilities?

Access Control measures

• Install and maintain a firewall configuration to protect cardholder data.
• Do not use vendor-supplied defaults for system passwords and other security parameters.
• Protect stored cardholder data
• Encrypt transmission of cardholder data across open, public networks.
• Use and regularly update anti-virus software.
• Restrict access to cardholder data by business need-to-know
• Assign a unique ID to each person with computer access
• Restrict physical access to cardholder data.
• Track and monitor all access to network resources and cardholder data.
• Regularly test security systems and processes.
• Maintain a policy that addresses information security.

What might happen in case of a breach?

• If security is compromised, regardless of your merchant tier level (there are 4 Tiers), you will be required to undergo an on-site security audit.
• You will be fined and assessed all costs and expenses related to the forensic investigation. You must pay a consultant to conduct the audit. You must pass the audit and continue to do audits on an annual basis. Failure to notify Visa of a suspected or confirmed loss or theft of credit card data is subject to a fine of $100,000 per incident.
• Costs of forensic investigations begin at $50,000 and could be as high as $100,000 per investigation.
• Costs of annual audits can range from $15,000 – $20,000 per audit.
• You have the cost of the quarterly scans, which may vary
• And we haven’t even taken into consideration potential civil law suits

What are the 10 most common reasons for compromise?

• Backdoor / Trojan
• No Firewall
• SQL Injection
• Internal Theft
• Remote Access
• FTP Access to Data
• Remote Exploit
• Remote Buffer Overflow
• Login Credential Leak
• Password Brute Force

Where can I read more about the different card brands recommendations?

• www.pcisecuritystandards.org/merchants/
• MasterCard Worldwide:
  http://www.mastercard.com/sdp
• Visa Inc:
  http://www.visa.com/cisp
• American Express:
  www.americanexpress.com/datasecurity
• Discover Financial Services:
  http://www.discovernetwork.com/fraudsecurity/disc.html
• Visa Europe:
  http://www.visaeurope.com/ais

Please contact our office to find out what you can do to become compliant and how you can complete your mandatory yearly Self Assessment Questionnaire “SAQ”

Interchange

Understanding the merchant processing industry can get confusing at times. There are many different elements that make up a merchants fees for processing, the biggest of which is called Interchange. These are fixed rates, discount rates and discount per item (DPI) that the issuing banks charge all processors for over 300 different card types, transaction methods and industries. In addition to Interchange, you have Dues and Assessments that are being charged by the associations, as well as the processors margins.

Full Disclosure Pricing

At Ultimate, we pride ourselves on total transparency: There are many ways in our industry to price merchants, from Qualified, Mid-Qualified and Non-Qualified rates to Tier III or Tier IV pricing. Here at Ultimate we price all our merchants with a 100% Pass through Interchange Plus Pricing, the most detailed and transparent pricing model in our industry.

We tell the whole truth up front, and disclose all costs, including those you would never think of asking about. We will not offer teaser rates, low qualified-only rates, or other tricks that will end up costing you more on your “Effective Rate” – the bottom-line amount you actually pay every month.

Ask us about the Durbin Amendment

http://money.usnews.com/money/blogs/my-money/2011/07/12/what-the-durbin-amendment-means-for-you

Regulation II, an overview

The Durbin Amendment places the Federal Reserve Board in charge of debit card interchange. Specifically, the Fed was told to craft rules for setting “reasonable” interchange fee assessments by debit card issuers and ensuring merchants have the freedom to select clearing networks.

Financial institutions with assets under $10 billion are exempt from the new rules, which were published by the Fed in July 2011 as Regulation II. The new regulation takes effect Oct. 1, 2011. To allow for potential programming hurdles, issuers of certain types of prepaid debit cards (such as health and benefits cards) get an additional six months to comply with the network choice provisions, the Fed said. These are the industry’s new marching orders per Regulation 11:

• Debit interchange is capped at 21 cents plus 0.05 percent of the ticket.
• Issuers that abide by prescribed fraud prevention policies and procedures can charge 22 cents plus 0.05 percent of the ticket.
• Prepaid cards that are all-electronic are exempt from interchange caps; exempt programs cannot offer check privileges or direct deposit of payroll.
• Merchants must be given the option to select from at least two competing processing networks for routing debit card transactions.

In addition, the Fed said it will publish annually average debit card fees assessed by both large and small card issuers.

Clear, Detailed Statements

Our detailed statements show you exactly how much you were charged for each transaction, and to whom each penny was paid. You can choose from different cross sectioning of data to match your needs. Our trained staff and professional sales personnel are all there to assist you with any statement questions you may have.

Industry Glossary

• CC Glossary
• Payroll Glossary