If you haven’t already received security warnings and compliance procedures from your credit card processor, you soon will.  Visa and MasterCard’s combined program is called Payment Card Industry (PCI) Data Security Standard.  However, if you use a stand-alone terminal and do not store transactions in a format other than hardcopy receipts for retrieval / chargeback purposes, YOU ARE NOT REQUIRED to complete the Questionnaire or to have an annual internet scan.

      The main area of concern has to do with web based transactions and those transmitted via the internet.  

     While the PCI Self Assessment Questionnaire and Network Scans are recommended for all merchants, it is only mandatory for those doing over 20,000 transactions per year of EITHER Visa or MasterCard (not combined).  The “Scan” referred to is an internet external facing scan which checks all of your internet connections and links.  It is available for about $150 from many sources.

     Items which should never be stored on a PC include the following:

·               Authentication data after a transaction has been made.

·               Contents of any track or magnetic strip.

·               CV2 Data (last 3 digits on signature side of card PIN Verification value.

     COCARD, as well as internet software PC Charge and IC Verify are all in compliance with PCI data security standards.

     Minimum steps which should be taken to protect PC usage and yourself include the monitoring and use of a unique user ID for computer access.  Anti Virus software should also be installed.

     For more information we recommend you contact COCARD, Philip Anderson at 315-414-0107 or 800-333-0826.  COCARD offers special rates for our membership.  %