Effective January 1, 2008, Phase 1 of the Visa Payment Application Mandates stipulates that no merchant may be boarded that uses a payment application identified as storing vulnerable data. The Payment Card Industry Data Security Standard (PCI DSS) prohibits the storage of the full contents of any magnetic stripe, CVV2 or PIN data. Merchants are at high risk of being compromised if they use payment applications that store prohibited data or have security weaknesses. A good resource is available at www.visa.com/pabp, where you will find a list of validated payment applications (make sure your POS is on the list) and best practices. We also recommend www.pcisecuritystandards.org and www.visa.com/cisp.
The primary threat has to do with your POS system and network environment. You should upgrade your POS software version to one that does not store prohibited card holder data and is certified as listed on the Visa.com/pabp. If you are putting off upgrading your POS software due to the expense, an inexpensive alternative is to process your card payments using a credit card terminal not tied to your POS.
Stand alone credit card terminals are PCI compliant and are not at risk from a hacker. These units are small with built in thermal printers and offer high speed IP connections with dial back up. You can even tie multiple units together without a network for a single batch settlement. Separating the payment technology from the rest of your POS functionality offers a low tech way of meeting pressing security concerns. All it takes is to reconcile the POS sales report with your card terminal’s batch report, which, unlike IT, is a skill set that most of us have.
Any old data that may have been stored is at risk, so if you are using a POS, it is recommended that you delete unused stored data on your POS hard drive or install a clean hard drive. Make sure you do this regardless of the path to compliance.
The MasterCard Quick Payment Service (QPS) program provides chargeback protection and allows the flexibility of no signature required on qualifying transactions (under $25 except under $35 for movie theaters and under $50 for parking lots). Registration does not affect pricing; therefore merchants may qualify for small ticking pricing without registration. Twelve merchant categories are eligible to register: 5411 Grocery/Supermarkets, 5499 Food/Convenience/Markets, 5541 Service Stations, 5735 Music Stores*, 5814 Fast Food Restaurants, 5912 Drug/Pharmacies, 5942 Bookstores*, 5994 Newsstands*, 7216 Dry Cleaners*, 7523 Parking Lots, 7841 Video Stores*, 7832 Movie Theaters (* must have one check out lane accepting the contactless MasterCard PayPass).
Debit networks, Shazam and ACCEL, have announced changes. Effective January 1, 2008, Shazam will add Quick Service Restaurant (QSR), Small Ticket Retailer, Petroleum, Retail Max, QSR Max charge types and increase Retail and Grocery transactions. Effective February 29, 2008, ACCEL debit network will increase their Retail Max, Grocery, QSR and QSR max fees.
Please be advised that effective April 5, 2008, Visa is changing the chargeback protection limits for all Automatic Fuel Dispenser (AFD) transactions on Visa consumer and Visa Business products from $50 to $75 when a status check authorization is obtained. The chargeback protection for Visa Fleet cards will continue to operate at the recently revised $150 limit.
Visa has recently updated their Utility Interchange Reimbursement Fee (VUIRF) Program guide and registration form requirements. Merchants classified under MCC 4900 provide the generation, transmissions, and/or distribution of electric, gas, water or sanitary utility services on an ongoing basis are eligible to register for participation. To further build Visa card acceptance, registered VUIRF participants qualify at $0.75 for Visa consumer debit and consumer credit transactions and $1.50 for Visa small business products.
Vantage Card Services, Inc. (“Vantage”) and Global Payments Direct, Inc. (“Global”) are pleased to inform you of a business relationship with Discover Financial Services, LLC (“Discover® Network”) whereby Global now offers Discover Network card acceptance as an integrated processing solution to merchants, which includes one source for settlement on a single statement as well as one source of customer service for your authorization, chargeback processing and risk management needs. Merchants also benefit with direct pass through of Discover Network Interchange, Dues and Assessments.