Security and Compliance

Big Time Security for Your Business

Cardholder security & compliance is our top priority at The Merchant Solutions. Now, more than ever, protecting revenue is essential to your business.

We continually invest in tools and technologies to protect our clients’ data and their customers’ throughout the payment transaction cycle.

Whether it be a POS terminal, an eCommerce transaction, payment authorization or settlement, you can count on The Merchant Solutions to provide you with a range of security measures to protect you from the damage of a security breach, while helping you meet PCI compliance standards.


At The Merchant Solutions, we continuously invest in tools and technologies to provide our merchants with cardholder security. Our first priority is to present you with an assortment of security measures to protect you from the damage of a security breach while helping you meet PCI standards. PCI DSS stands for Payment Card Industry Data Security Standard. It incorporates a set of industry tools and measures to help ensure the safe handling of sensitive information.

If you are in the payment card business, you are affected. PCI compliance applies to every business that stores, processes or transmits any cardholder data, regardless of the size of the company. Nobody is exempt. PCI is crucial for all merchants who accept credit cards, online or offline, in order to ensure the security of their customers’ payment card data.

Why Secure?

Many criminals target small businesses in order to gain credit card or other sensitive information. If the merchant is at fault for a security breach, the merchant may face many negative consequences:

  • Fines and penalties
  • Termination of ability to accept payment cards
  • Loss of confidence by customers
  • Loss of sales
  • Cost of reissuing new payment cards
  • Legal costs, settlements and judgments
  • Fraud losses
  • Higher subsequent costs of compliance
  • Going out of business

 

What to Secure?

The object of desire to a thief is cardholder data. By obtaining the Primary Account Number (PAN) and sensitive authentication data, a thief can impersonate the cardholder and steal the cardholder’s identity. Sensitive cardholder data can be acquired from many places:

  • Compromised card reader
  • Paper stored in a filing cabinet
  • Data in a payment system database
  • Hidden camera recording entry of authentication data
  • Secret tap into your store’s wireless or wired network

Everything at the end of a red arrow is sensitive cardholder data. Anything on the back side and CID must never be stored. Everything else you store must be for a good business reason, and that data must be protected.

Benefits of PCI

  • Boost in customer confidence
  • Protection from costly fines
  • Improve your business reputation
  • Peace of mind for your business and clients
  • Confident customers are more likely to recommend you to others
  • Prevent risk of security breaches and theft not only today, but in the future

PCI Compliance allows you to confidently communicate with your customers that appropriate measures have been taken to protect valuable cardholder information. Taking a few security measures now can help your business prevent credit card fraud.


The TransArmor® solution is a powerful payment card security solution that combines the flexibility of software- or hardware-based encryption with random-number tokenization technology. The TransArmor solution protects payment card data and prevents it from entering the merchant environment, so your systems never hold the actual card numbers from the transactions you process.

The TransArmor solution removes the need for merchants to store card data by replacing it with a randomly assigned number, called a ‘token’. In doing so, TransArmor minimizes risk by reducing the scope of PCI compliance, shifts the burden of protecting cardholder data to First Data, and allows the ‘token’ to be used for other business and sales functions such as returns, sales reports and analysis.

This advanced security technology addresses merchant concerns over card data protection, card data storage and the rising cost and complexity of PCI compliance.

Advantages

With the TransArmor solution, payment card data is protected at every transaction stage – in transit, in use and at rest. You retain access to the token number for business and marketing purposes. And because the TransArmor solution maintains the primary account number (PAN) data in a First Data “vault,” it reduces the scope and cost of PCI compliance.

Key Components

  • Offers multiple encryption options
    Payment card data is secured at the merchant POS — prior to transmission — using either software or hardware based encryption and is protected throughout the entire transaction.
  • Addresses root cause of data security issues
    Tokenization technology helps ensure that payment card data never enters the merchant environment by replacing it with a random-number token, which has no value outside of the merchant environment.
  • Reduces PCI compliance scope, effort and cost
    Removing payment card data from merchant systems also removes it from PCI scope, minimizing the time and resources needed to meet PCI requirements.
    • Can reduce the scope of annual PCI audits by as much as 80%
    • Can reduce the time PCI compliance requires by as much as 50%
  • Preserves a unique card-based ID
    Token numbers can be used in place of the original card number for business functions without risk of storing card data or breaking processes.
  • Easily implemented and maintained
    No additional hardware changes to back-end systems or employee training is typically required.
  • Access to data
    First Data retains access to the secure data and translates card numbers to randomly assigned token values when needed for customer interactions such as adjustments, retrievals, recurring payments and chargebacks.
  • Warranty
    Because the processor is now securing and storing the card data, First Data offers a limited warranty to protect the merchant if the token is stolen.

The TransArmor solution meets the PCI Security Standards Council guidelines for encryption and tokenization, and with their assessment of EMV, it adds an additional layer of security to those solutions.


Information on New IRS Reporting Requirements

The Housing and Economic Recovery Act of 2008 contains new payment transaction reporting requirements intended to help the IRS identify under-reported sales. This is to be done through third-party corroboration of the amount of a merchant’s credit card, debit card, gift card and eCommerce transactions. At the end of each calendar year, the reporting entity (i.e., the “merchant acquiring entity”) will file an information return with the IRS reporting the gross amount of that merchant’s transactions for the year and will provide a corresponding Form 1099-K to the merchant.

Overview of the Legislation

Section 6050W of the Internal Revenue Code and the implementing Treasury Regulations contain new transaction reporting and withholding requirements. Obligated reporting entities must report merchants’ payment card and third party network transactions based on tax identification numbers and tax filing names. In addition, these entities must support withholding of merchant settlement dollars based on IRS backup withholding guidelines.

Backup Withholding

Amounts reportable under Section 6050W are subject to backup withholding requirements. If a merchant fails to provide its payment settlement entity with its TIN or if there is a discrepancy between the merchant’s TIN and the associated information in the payment settlement entity’s records and the IRS’ records, the payment settlement entity will be required to perform backup withholding from merchant funding by deducting and withholding income tax from reportable transactions in 2012. Backup withholding will be based on the current IRS withholding regulations (currently 28 percent) and will be subtracted from the merchant’s daily deposits. The withholding is based on the merchant’s gross amount of sales.

Merchant Information

In order to perform these reporting and withholding functions, each payment settlement entity, or a merchant acquiring entity, must have the correct TIN and tax filing name for each merchant. Merchants will be contacted by their merchant acquirer to provide updated tax information (if current information does not match the IRS database) or to confirm validated tax information on file.

Depending on your situation, you will need either a TIN (Tax Identification Number) or an EIN (Employer Identification Number). To best determine which you will need or to confirm your TIN or EIN, visit the IRS Web site at http://www.irs.gov/ and go to the section on TINs.

Conclusion

The new IRS reporting requirements will undoubtedly create apprehension and operational challenges for both merchants and reporting entities. Both parties can minimize frustrations by making the necessary preparations to comply with the law as its requirements are understood today, well in advance of the law’s effective date.
The Merchant Solutions will continue to be a resource for merchants and financial institutions to help them understand responsibilities as details of the regulations become clearer. Additionally, we are committed to collaborating with our partners and customers in compliance implementation.
So, while the new IRS requirements may be intimidating, compliance will be manageable if all impacted parties make time to understand the provisions as they are outlined today, identify responsibilities and plan strategies. It’s just as important to remain alert, through research and communications, for future clarifications regarding compliance.
