Initiatives of the Payments Industry

Electronic Payments Industry Information

This section is provided by Global Payments Inc. as an informational tool to help you stay informed on pertinent industry information, Visa® and MasterCard® compliance requirements and other information about the electronic payments industry.

Securing Cardholder Account Information

Industry Regulations

Payment Card Industry Security Standards Council (PCI SSC)

The PCI SSC is the membership organization responsible for three important security standards related to safeguarding payment transaction data.

  • PCI DSS - Payment Card Industry Data Security Standard
  • PA DSS - Payment Application Data Security Standard
  • PCI PTS - Point of Sale PIN Transaction Security Standard

All parties involved in payment card acceptance must safeguard payment transaction data and comply with the applicable standard(s). If a system with payment card information is hacked or stolen, then the compromised party must take steps to report the data security breach and work with forensics investigators, law enforcement, merchant acquiring stall and others to report findings. The best defense is to implement data security operating policies, limit stored payment card data and safeguard data that is necessary.

Small Merchant Qualified Integrator and Reseller (QIR) Mandate

Merchant Obligations

The card associations developed the PCI DSS to help strengthen data security at the merchant level and combat credit card data compromises. Merchants with point-of-sale (POS) systems and computers with an internet connection are at significant risk for having sensitive data - such as customer credit card data - stolen. This kind of theft from security breaches at merchant locations - both large and small - has cost merchants millions of dollars in fines, restitution and reputation. All merchants with internal systems that store, process or transmit cardholder data must comply with Payment Card Industry (PCI) Security Standards.

PCI DSS Program for Level 4 Merchants

To demonstrate our level of commitment, Global Payments is creating a new Merchant Protection Program with a Qualified Payment Application Security Company to help Level 4 Merchants with their PCI DSS compliance validation. Merchants will receive additional information shortly.

EMV U.S. Migration

The card schemes have all implemented mandates to ignite the movement of EMV technology in the U.S. to help reduce credit card fraud and move towards the next level of technology.

Card Schemes Mandates

American Express

American Express will work alongside other industry participants to drive interoperability across the U.S. and other countries and support chip-based technology for chip and PIN, chip and Signature, contactless and mobile transactions. The company's key policy requirements and dates are:

  • Processors must be able to support American Express EMV chip-based contact, contactless and mobile transactions.
  • A merchant is eligible to receive relief from PCI Data Security Standard (DSS) reporting requirements if the merchants' point-of-sale (POS) acceptance locations, where 75% of its transactions occur, are enabled to process American Express EMV chip-based contact and contactless transactions.
  • Effective October 2015, American Express instituted a Fraud Liability Shift (FLS) policy that transferred liability for certain types of fraudulent transactions away from the party that has the most secure form of EMV technology. U.S. fuel merchants will have an additional two years.
  • Effective October 2017, the FLS takes effect for transactions generated from automated fuel dispensers.

For more information, visit American Express' website.
http://about.americanexpress.com/news/pr/2012/emv_roadmap.aspx


Discover

Discover announced it is implementing a US EMV mandate.

  • Acquirers/processors and direct-connect merchants in the U.S., Canada and Mexico must have the ability to accept contact and contactless EMV transactions. Discover's approach to EMV is both universal and choice-centric, meaning it will not restrict any channel, verification process or transaction type.
    • Discover will support:
      • All card authentication channels - including online and offline
      • All cardholder verification methods - including both chip & PIN or chip & Signature transactions
      • All commerce channels - including contact and contactless (which includes mobile)
  • Discover has granted PCI Audit Waivers for the annual PCI DSS audits for a merchant that processes 75% of both contact and contactless transactions.
  • Discover has instituted a fraud liability shift for all POS terminals excluding Automated Fuel Dispenser (AFD) merchants. This liability shift benefits the issuer or merchant that leverages the highest level of available payments security.
  • Effective October 2017: AFD merchants are eligible for the liability shift.

 

For more information, visit Discover's website.
http://www.discovernetwork.com/chip-card/index.html


MasterCard

MasterCard announce their U.S. EMV Roadmap which included all card authentication channels, all cardholder verification methods and all commerce channels.

For more information, visit MasterCard's website.
https://www.mastercard.us/en-us/merchants/safety-security/emv-chip.html

 

Visa

Visa announced their Accelerate U.S. EMV Chip Migration Strategy.


For more information, visit Visa's website.
http://usa.visa.com/merchants/payment_technologies/chip_card.html

Global Payments is striving to meet the industry mandates and assist our clients throughout their migration process.
- See more at: https://www.globalpaymentsinc.com/us/accept-payments/in-person/emv-card-acceptance

Merchant Class Action Litigation Settlement

In November 2012, the federal district court overseeing In re Payment Card Interchange Fee and Merchant Discount Antitrust Litigation (MDL 1720), the merchant class action interchange litigation against MasterCard, Visa and other defendants, preliminarily approved a class settlement agreement that resolves antitrust claims involving MasterCard and Visa's interchange and merchant acceptance rules in the U.S. and its territories.

Please see https://www.paymentcardsettlement.com/en for additional information and requirements.

MasterCard and Visa Changes

Following the class action litigation settlement, U.S. merchants are now allowed surcharge MasterCard and Visa Credit card transactions (not debit or pre-paid card transactions) at the "brand level" (i.e. MasterCard or Visa) or at the "product level," but not both, subject to the following requirements:

  • First, a U.S. merchant's surcharges on MasterCard and Visa Credit card transactions cannot exceed certain levels.
  • Second, for U.S. merchants that accept credit or charge cards of other payment network brands (i.e. American Express, Discover), surcharging practices are subject to a competitive "level playing field" limitation that depends on whether those payment network brands impose surcharge restrictions on credit cards and the merchants' costs of accepting those credit cards.
  • Third, a U.S. merchant that chooses to surcharge (MasterCard and Visa) Credit card transactions must satisfy notification and disclosure requirements to both the payment card network [MasterCard and Visa (beginning December 20, 2012)] and the merchant's acquirer at least 30 days prior to surcharging, which must identify whether the merchant intends to impose surcharges at the brand or product level.
  • Fourth, a U.S. merchant who surcharges must provide clear disclosure to the merchant's customers (1) at the point of store entry or in an online environment on the first page that references credit card brands, that the merchant imposes a surcharge that is not greater than its applicable merchant discount rate for MasterCard and Visa Credit card transactions; (2) at the point of interaction or sale with the customer, of the merchant's surcharging practices (including the amount of any surcharges that the merchant imposes and a statement that the surcharge is being imposed by the merchant), in a manner that does not disparage the brand, network, issuing bank or the payment card product being used; and (3) of the dollar amount of the surcharge on the transaction receipt provided by the merchant to its customers.

    Notification Procedures:

Merchant's Obligations - Federal and State Laws

Merchants must continue to respect a cardholder's decision to pay with MasterCard and Visa. The settlement does not impact merchants' existing obligation to accept for payment properly presented MasterCard and Visa cards, including rewards cards. In addition, the rule changes that MasterCard and Visa are implementing under the settlement do not affect any obligation of a U.S. merchant to comply with all applicable state or federal laws, including state laws regarding surcharging of credit or debit card transactions and federal and state laws regarding deceptive or misleading disclosures.

11 states or territories prohibit surcharging:

  • California
  • Colorado
  • Connecticut
  • Florida
  • Kansas
  • Maine
  • Massachusetts
  • New York
  • Oklahoma
  • Texas
  • Puerto Rico
  • Global Payments Inc. Card Acceptance Guide
  • Limited Acceptance Merchants For a definition on limited card acceptance, please refer to the Global Payments Card Acceptance Guide link above.

The information contained herein is for informational purposes only and Global Payments Inc. does not warrant the accuracy or completeness of the information. Although we believe the information to be reliable, we cannot guarantee that it will not be subsequently amended as a result of intervening factors such as rules changes from the card associations. The information contained herein is subject to change without notice and Global Payments Inc. does not undertake any responsibility to update this information after the date hereof. Global Payments Inc. does not endorse any external sites linked herein.