| IN THIS ISSUE |
October 2009 |
|
|
 |
| FEATURED ARTICLE |
Why Do I Have to Become PCI Compliant? My Processor Already Is. |
In order for a merchant to accept credit card payments, they must be Payment Card Industry (PCI) compliant, regardless of who their processor is. The Payment Card Industry Data Security Standards Council was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. |
| NTC Texas is a registered merchant service provider for US Bank/Elavon. Elavon has partnered with Trustwave© to provide the Elavon PCI Compliance program. Merchants have 90 days after they are notified to provide Compliance Validation through the Trustwave© Website or through a Qualified Security Assessor (QSA) of their choosing. Merchants who do not provide compliance validation will be assessed a monthly compliance fee of $20 until validation is provided. |
| To meet the PCI Data Security Standards (PCI DSS) all merchants must complete the PCI Data Security Standard Self-Assessment Questionnaire (SAQ). The SAQ is a validation tool intended to assist merchants in self-evaluating their compliance with the Payment Card Industry Data Security Standard (PCI DSS). The true intent of the PCI DSS is not for organizations to be compliant at a single point in time, but instead to maintain compliance over time. There are multiple versions of the PCI DSS SAQ to meet various scenarios. Elavon has divided merchants into two categories. |
| IP: POS Software, IP terminals, Internet transactions, Merchant Hosted eCommerce, Premise based, eCommerce, and third party hosted eCommerce. |
| Non-IP: Dial up Terminals, ARU, Paper processing method, Wireless terminals, Third party billing source and lockbox. |
| While many processors have opted to charge their merchants a PCI monthly fee, Elavon has opted to charge a yearly fee. The fee is up to $175 per year, per Merchant Identification Number (MID). The fee that a merchant is assessed for their PCI compliance is determined by the merchant’s method of processing. Dial-up Terminal fee is $55 per year. |
| Understanding and implementing all of the requirements of PCI DSS can seem overwhelming, especially for smaller merchants who may not have strong security or an IT department. However, PCI DSS mostly calls for the best practices that every business would want to take to protect sensitive data. When merchants say PCI is too difficult, what they may really mean is compliance is too expensive. Merchants should consider the business risks and ultimate costs of non-compliance. In the case of a security breach, the fines, legal fees, decreases in stock equity, and especially lost business vastly exceed the costs of implementing PCI DSS. Implementing PCI DSS should be part of a basic security policy, which requires making this activity part of your ongoing business strategy and budget. |
| Please Call NTC Texas at 877.877.6511 if you need assistance in becoming PCI Compliant. |
| PRODUCT SPOTLIGHT |
| The Number 1 Gift for the Holidays |
During the holidays, or for that special occasion, many shoppers find it hard to find the right gift. That’s why so many choose gift cards. Gift cards can attract new business and boost sales all year long. Most recipients spend 25% more than the amount of the gift card. Gift cards can be used as promotional marketing tools, corporate/charitable gifts, merchandise returns and customer appreciation. Gift Cards are ideal for a variety of merchants such as restaurants, florists, landscaping, sporting goods, spas, salons, & auto repair shops. Business owners can check balances of all cards issued and receive daily reports of all cards processed. |
| As the 2009 peak Gift Card season approaches, please be aware of the following important delivery timeframes for both new and existing card orders. This schedule is effective from October 1, 2009 through December 31, 2009. |
|
| DID YOU KNOW? |
| NTC Texas recently attended the North Texas Health and Technology Forum. |
| A Mid Qualified sale is also known as a Partially Qualified sale. |
| How Retail transactions become Mid-Qualified: |
| • Transaction is hand-keyed with Address Verification (AVS) |
| • Batch was not closed daily, but within 48 hours |
| • More than one authorization is attempted |
| • Transaction is processed on a commercial card with sales tax and customer code included |
|
| Goals of PCI DSS |
| • Build and maintain a secure network |
| • Protect cardholder data |
| • Maintain a vulnerability management program |
| • Implement strong access control measures |
| • Regularly monitor and test networks |
| • Maintain an information security policy |
|
| ABOUT NTC TEXAS |
| An Elavon Payment Partner, NTC Texas enables your business with all the transactional capabilities of the processing network rated #1 by MasterCard for reliability and availability. Whatever size your business is now, together, we can make it grow. |
| • Healthcare Providers |
| • Retailers |
| • Veterinarians |
| • Web Developers |
| • eCommerce/eBusiness |
| • Legal |
| • Assisted Living & Nursing Homes |
| • Day Care Centers |
| • Salons/Spas |
| • Restaurants |
| • Entertainment |
| • Travel & Lodging |
| • Not-for-profit |
| • Business-to-Business |
| • Government & Utility |
|
 |
| CONTACT US |
NTC Texas 106 Decker Court Suite 260 Las Colinas, Texas 75062 |
Email: Info@NTCTexas.com Web: www.ntctexas.com Tel: 972.406.8111 Toll Free: 877.877.6511 Fax: 972.406.8611 |
|
|
| Card Order Type | Thanksgiving Eve Delivery Order Deadline | Christmas Eve Delivery Order Deadline |
| Basic | Monday, November 16 | Monday, December 14 |
| Standard * | Monday, November 9 | Monday, December 7 |
| Custom * (up to 50,000) | Monday, October 26 | Monday, November 23 |
| Custom * (over 50,000) | As Quoted | As Quoted |
|
| Please Contact NTC Texas for more information at 877.877.6511. |
| TECH TIP |
| Technical Guidelines for Protecting Stored Payment Card Data |
| Many merchants feel that for their business needs they must store cardholder data. Merchants mistakenly believe that keeping the information locked in a drawer puts it out of harm’s way. This practice does not meet PCI DSS. There is no need, nor is it allowed, to store data from the magnetic stripe on the back of a payment card. If merchants have a legitimate business reason to store front-card information, such as name and account number, PCI DSS requires this data to be encrypted or made otherwise unreadable. |
| Software solutions for this requirement may include one of the following: |
| • One-way hash functions based on strong cryptography – also called hashed index, which displays only index data that point to records in the database where sensitive data actually reside. |
| • Truncation – removing a data segment, such as showing only the last four digits. |
| • Index tokens and securely stored pads – an encryption algorithm that combines sensitive plain text data with a random key or “pad” that works only once. |
| • Strong cryptography – with associated key management processes and procedures. Refer to the PCI DSS and PA-DSS Glossary of Terms, Abbreviations and Acronyms for the definition of “strong cryptography.” |
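An added example, not part of the original newsletter or any Elavon or Trustwave tooling: a Python sketch of three of the options above (truncation, a one-way hashed index, and an index token) applied to a constructed test card number. The names `truncate_pan`, `hashed_index` and `TokenVault` are hypothetical, and the use of a keyed hash (HMAC-SHA-256) rather than a bare hash is this example's assumption.

```python
import hashlib
import hmac
import secrets

# Constructed sample: a widely published test card number, not a real account.
SAMPLE_PAN = "4111111111111111"


def _digits(pan: str) -> str:
    """Strip spaces and dashes so every form of the same card normalises alike."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    if not 13 <= len(digits) <= 19:
        raise ValueError("unexpected card number length")
    return digits


def truncate_pan(pan: str) -> str:
    """Truncation: keep only the last four digits, mask everything else."""
    digits = _digits(pan)
    return "*" * (len(digits) - 4) + digits[-4:]


def hashed_index(pan: str, key: bytes) -> str:
    """One-way hashed index used to look a record up without storing the number.

    Keyed (HMAC) because the set of valid card numbers is small enough that a
    bare, unkeyed hash could be reversed by trying every candidate.
    """
    return hmac.new(key, _digits(pan).encode("ascii"), hashlib.sha256).hexdigest()


class TokenVault:
    """Index token: a random value with no mathematical relation to the card."""

    def __init__(self, key: bytes):
        self._key = key
        self._tokens = {}  # hashed index -> token, so a repeat card reuses its token

    def tokenize(self, pan: str) -> dict:
        idx = hashed_index(pan, self._key)
        token = self._tokens.setdefault(idx, secrets.token_hex(16))
        # Only these three fields are meant to reach the application database.
        return {"token": token, "index": idx, "display": truncate_pan(pan)}


def demo() -> dict:
    # Assumption: a real deployment loads this key from a separate key store.
    return TokenVault(key=secrets.token_bytes(32)).tokenize(SAMPLE_PAN)


if __name__ == "__main__":
    print(demo())
```

The HMAC key must be stored apart from the database: someone holding both the key and the last four digits could rebuild card numbers by exhaustive search.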
|
|