Money Matters


 
IN THIS ISSUE FEBRUARY 2009

FEATURED ARTICLE

PCI Compliance
Frequently Asked Questions

Since NTC Texas has received so many questions regarding PCI compliance, we have devoted this article to PCI Frequently Asked Questions.

Q. I received a letter from Elavon stating that I would be charged a $135 fee for TrustKeeper. Is this letter a scam? Should I disregard it?

A. No, the letter is not a scam. Elavon, the processor of credit cards & checks, is owned by US Bank. NTC Texas is a registered merchant service provider for US Bank/Elavon. The PCI Security Standards Council mandates that all Merchants be PCI DSS compliant. For more information about TrustKeeper, click here.

Q. I did not receive a letter from Elavon regarding TrustKeeper. Does that mean that I am exempt from PCI Compliancy?

A. No, all merchants must be PCI DSS compliant. Elavon is sending out letters in phases. The first phase included merchants using software or virtual terminals. Merchants using hardware terminals and those excluded from phase 1 will receive a letter from Elavon at a later date.

Q. I am a Merchant with multiple locations / multi-MIDs. Will I be charged a fee for TrustKeeper for each MID?

A. Elavon is charging one fee if the multi-MID relationship is as follows:

  • Same physical address
  • Same Fed Tax ID
  • Same DDA

Q. I am a small merchant that handles only a few credit card transactions. Do I have to be Compliant?

A. Yes. If you accept credit card payments, you must be PCI Compliant.

Q. As a Merchant, am I entitled to store any data?

A. No. Many merchants believe they have a right to store all the data about a customer in order to help their business. Doing so may be a violation of state and federal legislation regarding privacy. The PCI regulations specifically forbid storing any of the following:

  • Unencrypted credit card number
  • CVV, CVV2, CVN, CVC2
  • PIN blocks
  • PIN numbers
  • Track 1 or 2 data

Any of the above found in databases, log files, audit trails, backups, etc. can result in serious consequences for the Merchant, especially if a compromise has taken place.

Q. What Merchant Level am I?

A. Merchant level is determined by the dollar volume of a business.

  • Level 1 – More than 6 million in transactions annually across all channels, including eCommerce and any merchant that has experienced a breach
  • Level 2 – Transactions totaling 1 million to 6 million per year
  • Level 3 – Transactions totaling 20,000 to 1 million per year
  • Level 4 – eCommerce transactions totaling up to 20,000 per year and all other merchants, regardless of acceptance channel, processing up to 1 million Visa and/or MasterCard transactions per year

Q. I have an SSL certificate. Do I still need a PCI compliance certification?

A. Yes. Secure Sockets Layer (SSL) encryption certificates and PCI compliancy are completely different services. Online merchants will need both SSL certification and PCI-DSS certification to accept credit cards after March 1, 2008.

Q. I just opened my business. Will I be charged the 2009 PCI Compliance fee?

A. Merchants boarded between Oct 1, 2008 and June 30, 2009 will not be charged the 2009 PCI compliance fee. In December 2009 merchants will be assessed the appropriate 2010 annual PCI Compliance fee.


PRODUCT SPOTLIGHT

InstaMed Patient Statements

With InstaMed Patient Statements, healthcare facilities can completely streamline their patient statement printing, fulfillment and mailing. There are no system changes or software to install, as this product is accessible in web-based ASP mode. It supports nearly any billing system data file format. Statements are available in multi-color standard or can be customized. Patient Statements are offered standalone or as part of Patient Payment Portal with eStatements. For more information about InstaMed, click here.

DID YOU KNOW?

PCI Myths

Myth #1: Breaches only happen to large companies & huge retailers.
Fact: The majority of breaches occur with small businesses (Level 4 Merchants).

Myth #2: PCI compliant merchants cannot be breached.
Fact: PCI DSS compliance is not a guarantee that your organization cannot be breached. Any system involving people is vulnerable, either from accidental error or intentional acts of theft.

Myth #3: E-commerce merchants that use PCI compliant shopping carts or payment gateways are by default PCI compliant.
Fact: While the shopping cart or gateway may be PCI compliant, that does not guarantee that the physical location of the business is PCI Compliant.

Myth #4: PCI compliance is too expensive.
Fact: Non-compliance is more expensive. Non-compliance can result in heavy fines, credit card replacement and audit fees, and loss of business reputation and revenue.

TECH TIPS

12 Steps to Maintain Security

  1. Install and maintain a firewall configuration to protect data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Protect stored data
  4. Encrypt transmission of cardholder data and sensitive information across public networks
  5. Use and regularly update anti-virus software
  6. Develop and maintain secure systems and applications
  7. Restrict access to data by business need-to-know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security

ABOUT NTC TEXAS

An Elavon Payment Partner, NTC Texas enables your business with all the transactional capabilities of the processing network rated #1 by MasterCard for reliability and availability. Whatever size your business is now, together, we can make it grow.

  • Healthcare Providers
  • Retailers
  • Veterinarians
  • Web Developers
  • eCommerce/eBusiness
  • Legal
  • Assisted Living & Nursing Homes
  • Day Care Centers
  • Salons/Spas
  • Restaurants
  • Entertainment
  • Travel & Lodging
  • Not-for-profit
  • Business-to-Business
  • Government & Utility

CONTACT US

NTC Texas
106 Decker Court Suite 260
Las Colinas, Texas 75062

Email: Info@NTCTexas.com
Web: www.ntctexas.com
Tel: 972.406.8111
Toll Free: 877.877.6511
Fax: 972.406.8611
