Sunday, September 30, 2007
If merchants and the acquirers servicing them are not hearing an ominous tick, tick, tick, maybe they should. On Sept. 30, 2007, Visa U.S.A. intends to begin fining acquirers $5,000 per month for each of their level 1 and level 2 merchants who have not complied with the Payment Card Industry (PCI) Data Security Standard.
That's not all. Noncompliant merchants may be assessed fines starting at $25,000 per month. And said merchants also face the prospect of being downgraded one level, meaning they will have to pay more for transaction processing.
Acquiring banks are responsible for making sure their merchants are PCI compliant. And the PCI standard is meant to safeguard cardholders' information.
A level 2 merchant is any business that processes 1 to 6 million Visa transactions per year. A level 1 merchant is defined as any merchant processing over 6 million Visa transactions per year. But the level 1 category also applies to merchants who have suffered hacks on their computer systems that resulted in the theft of customers' account data.
Furthermore, Visa and MasterCard Worldwide can categorize any merchant as level 1 if the card Associations deem that the merchant poses a risk to the system.
According to the PCI Compliance Guide (found at www.pcicomplianceguide.org), Visa predicts 65% of all merchants will have complied with the PCI by the end of 2007; the threat of levying fines is designed to speed the process.
The PCI includes 12 major requirements merchants must strictly adhere to. Any violation may result in a business losing its compliance status. Each instance of noncompliance will result in fines, suspension and revocation of bankcard processing privileges.
For PCI compliance, all merchants are required to fill out a Self Assessment Questionnaire (SAQ) annually. The SAQ consists of approximately 75 questions designed to assess a merchant's actual working conditions.
Merchants are also required to undergo a quarterly scan of their systems for storing, transmitting and processing cardholder data. Scans must be done by approved PCI scanning vendors. So, what are your merchant customers doing to make certain they won't get dinged by Visa after Sept. 30?
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.