Cardholder security & compliance is our top priority at The Merchant Solutions. Now, more than ever, protecting revenue is essential to your business.
We continually invest in tools and technologies to protect our clients’ data and their customers’ throughout the payment transaction cycle.
Whether it be a POS terminal, an eCommerce transaction, payment authorization or settlement, you can count on The Merchant Solutions to provide you with a range of security measures to protect you from the damage of a security breach, while helping you meet PCI compliance standards.
At The Merchant Solutions, we continuously invest in tools and technologies to provide our merchants with cardholder security. Our first priority is to present you with an assortment of security measurements to protect you from the damage of a security breach while helping you meet PCI standards. PCI DSS stands for Payment Card Industry Data Security Standard. It incorporates a set of industry tools and measurements to help ensure the safe handling of sensitive information.
If you are in the payment card business, you are affected. PCI compliance applies to every business that stores, processes or transmits any cardholder data regardless of the size of the company. Nobody is exempt. PCI is crucial for all merchants who accept credit cards, online or offline, in order to ensure the security of your customer’s payment card data.
Many criminals target small businesses in order to gain credit card or other sensitive information. If the merchant is at fault for a security breach, the merchant faces the potential of many negative forces:
The object of desire to a thief is cardholder data. By obtaining the Primary Account Number (PAN) and sensitive authentication data, a thief can impersonate the cardholder and steal the cardholder’s identity. Sensitive cardholder data can be acquired from many places:
Everything at the end of a red arrow is sensitive cardholder data. Anything on the back side and CID must never be stored. Everything else you store must be for a good business reason, and that data must be protected.
PCI Compliance allows you to confidently communicate with your customers that appropriate measures have been taken to protect valuable cardholder information. Taking a few security measures now can help your business prevent credit card fraud.
TransArmor® solution is a powerful payment card security that combines the flexibility of software or hardware based encryption with random-number tokenization technology. The TransArmor solution protects payment card data and prevents it from entering the merchant environment, so your systems never hold the actual card numbers from the transactions you process.
The TransArmor solution removes the need for merchants to store card data by replacing it with a randomly assigned number, called a ‘token’. In doing so, TransArmor minimizes risk by reducing the scope of PCI compliance, shifts the burden of protecting cardholder data to First Data, and allows the ‘token’ to be used for other business and sales functions such as returns, sales reports and analysis.
This advanced security technology addresses merchant concerns over card data protection, card data storage and the rising cost and complexity of PCI compliance.
With the TransArmor solution, payment card data is protected at every transaction stage – in transit, in use and at rest. You retain access to the token number for business and marketing purposes. And because the TransArmor solution maintains the primary account number (PAN) data in a First Data “vault,” it reduces the scope and cost of PCI compliance.
The TransArmor solution meets the PCI Security Standards Coucil guidelines for encryption and tokenization, and with their assessment of EMV, it adds an additional layer of security to those solutions.
The Housing and Economic Recovery Act of 2008 contains new payment transaction reporting requirements intended to help the IRS identify under-reported sales. This is to be done through third-party corroboration of the amount of a merchant’s credit card, debit card, gift card and eCommerce transactions. At the end of each calendar year, the reporting entity (i.e., the “merchant acquiring entity”) will file an information return with the IRS reporting the gross amount of that merchant’s transactions for the year and will provide a corresponding Form 1099-K to the merchant.
Section 6050W of the Internal Revenue Code and the implementing Treasury Regulations contain new transaction reporting and withholding requirements. Obligated reporting entities must report merchants’ payment card and third party network transactions based on tax identification numbers and tax filing names. In addition, these entities must support withholding of merchant settlement dollars based on IRS backup withholding guidelines.
Amounts reportable under Section 6050W are subject to backup withholding requirements. If a merchant fails to provide its payment settlement entity with its TIN or if there is a discrepancy between the merchant’s TIN and the associated information in the payment settlement entity’s records and the IRS’ records, the payment settlement entity will be required to perform backup withholding from merchant funding by deducting and withholding income tax from reportable transactions in 2012. Backup withholding will be based on the current IRS withholding regulations (currently 28 percent) and will be subtracted from the merchant’s daily deposits. The withholding is based on the merchant’s gross amount of sales.
In order to perform these reporting and withholding functions, each payment settlement entity, or a merchant acquiring entity, must have the correct TIN and tax filing name for each merchant. Merchants will be contacted by their merchant acquirer to provide updated tax information
(if current information does not match the IRS database) or to confirm validated tax information on file.
Depending on your situation, you will need either a TIN (Tax Identification Number) or an EIN (Employer Identification Number). To best determine which you will need or to confirm your
TIN or EIN, visit the IRS Web site at http://www.irs.gov/ and go to the section on TINs.
The new IRS reporting requirements will undoubtedly create apprehension and operational challenges for both merchants and reporting entities. Both parties can minimize frustrations by making the necessary preparations to comply with the law as its requirements are understood today, well in advance of the law’s effective date.
The Merchant Solutions will continue to be a resource for merchants and financial institutions to help them understand responsibilities as details of the regulations become clearer. Additionally, we are committed to collaborating with our partners and customers in compliance implementation.
So, while the new IRS requirements may be intimidating, compliance will be manageable if all impacted parties make time to understand the provisions as they are outlined today, identify responsibilities and plan strategies. It’s just as important to remain alert, through research and communications, for future clarifications regarding compliance.