Other Industry Regulations Regarding Data Security

Magnetic-Stripe and Account Data Storage Prohibited

Check the Visa and MasterCard merchant sites for more information on the Rules and Regulations regarding card acceptance.

To protect cardholder information and to deter fraud, the Card Associations prohibit the storage of the full contents of any track data from the magnetic stripe, and of the Visa Card Verification Value 2 (CVV2) or MasterCard Card Validation Code 2 (CVC2). These rules prohibit merchants or their agents from storing the magnetic-stripe data after the response to the authorization request has been received. Due to the serious nature of compromising cardholder data, both Card Associations have implemented substantial penalties for non-compliance.
The CVV2 and CVC2, unique three-digit codes imprinted on the signature panel of Visa and MasterCard cards, help merchants in the card-not-present environment manage risk by confirming the presence of the card during the authorization process. Neither the full contents of the magnetic-stripe data nor the CVV2 or CVC2 can be stored after the response to an authorization request has been received. Additional requirements include:

  • A terminal at the point of sale must not display or store full magnetic-stripe data
  • Individual elements of the magnetic-stripe data, such as card account number, expiration date and cardholder name, may be retained on paper, microfiche or an online secure site file for financial record keeping
  • CVV2 and CVC2 data must not be stored after the response to an authorization request has been received
  • Storage of data containing individual elements of the magnetic-stripe must be kept in an area limited to selected personnel and rendered unreadable prior to discarding

Visa merchants who have been found to be storing full-track data and have not corrected the issue will be assessed the following fines:

  • An initial penalty of up to $50,000 for each merchant
  • Thereafter, Visa will assess a fine of up to $100,000 to the merchant on a monthly basis until the merchant has demonstrated that track data has been removed from each merchant’s systems

Disclaimer: This document contains a compilation of information received from various sources. This information is presented solely for the convenience of the reader and should not be used as a substitute for your own research and reference to actual regulations and/or other official documents, or as a substitute for consulting your legal advisor. SPC Inc. d/b/a First National Merchant Solutions and its parents and affiliates are not responsible for inaccurate, outdated, or incomplete information. All information contained herein is subject to change.
