Several businesses have been fined in the last few months due to not complying with PCI DSS. This is in reference to the full credit card number being printed on the cardholder's copy of the receipt. Please remember it is the business owner's responsibility to ensure that all mandatory security issues are complied with. See below:

PAN - Primary Account Number is the payment card number (credit or debit) that identifies the issuer and the particular cardholder account. Also called Account Number

PCI DSS requirement 3.3 states "Mask PAN when displayed (the first six and last four digits are the maximum number of digits to be displayed)." See also the note under PCI DSS requirement 3.3 - "This requirement does not apply to employees and other parties with a legitimate business need to see the full PAN. This requirement does not supersede stricter requirements in place for displays of cardholder data (for example, for point-of-sale (POS) receipts)." Since this requirement covers all displays of PAN, including those on paper reports, computer screens, and receipts, the maximum digits allowed may be more than are specified in existing regulations (see FACTA below). Please note, however, that PCI DSS does not override any other laws that legislate what can be printed on receipts (such as the U.S. Fair and Accurate Credit Transactions Act (FACTA) or any other applicable laws). Also note that any paper receipts stored by merchants for legitimate business reasons and which contain the full PAN must adhere to the PCI DSS, especially requirement 9 regarding physical security.

As the July 1, 2010, deadline approaches for mandatory Payment Application Data Security Standard-compliance, countless merchants may require new equipment and processors. Please review some of the frequently asked questions:

Does PCI DSS apply to merchants who use payment gateways to process transactions on their behalf, and thus never store, process or transmit cardholder data?

PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted. If PAN is not stored, processed, or transmitted, PCI DSS requirements do not apply. However, under PCI DSS requirement 12.8, if the merchant shares cardholder data with a third party processor or service provider, the merchant must ensure that there is an agreement with that third party processor/service provider that includes their acknowledgement that the third party processor/service provider is responsible for the security of the cardholder data it possesses. In lieu of a direct agreement, the merchant must obtain evidence of the third-party processor/service provider's compliance with PCI DSS via other means, such as via a letter of attestation.

What is the Payment Card Industry (PCI) Data Security Standard (DSS)?

The PCI Data Security Standard represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information. Initially created by aligning Visa's Account Information Security (AIS)/Cardholder Information Security (CISP) programs with MasterCard's Site Data Protection (SDP) program, the standard provides an actionable framework for developing a robust account data security process - including preventing, detecting and reacting to security incidents. The updated version, version 1.1, developed by the founding members of the PCI Security Standards Council, became effective with the launch of the PCI Security Standards Council.

Visa and MasterCard will be increasing several Interchange categories. Normally rate change notifications will be included in the monthly statement the month before the increase. These increases will be effect as of April 2007. Please check back later for specifics.

The Debit Network Acquirer ACCEL has announced several Interchange fee increases. These increases will affect the Retail, Supermarket, Wholesale Club and QSR (Quick Service Restaurant) categories. These changes will be in effect as of February 2007.

The staff and I have recently updated and revised our "Dictionary" of terms you will need to understand when dealing with merchant services. Click to view the Dictionary.

Visa and MasterCard announced some Interchange category increases and have added several Interchange categories. These will be in effect as of April 2006