11 September 2009

2 Reliable Institutions that Regulate Credit Card Processing Entities

Credit card processors are mainly regulated by the Payment Card Industry Security Standards Council or PCI SSC.  The Federal Trade Commission (FTC) also plays a vital role in the operations of credit card processors.

Fraudulent activities have evolved their way with the widespread use of credit cards and other electronic forms of payment, affecting both end consumers and retailers accepting these payment forms.  With this concern, the fundamental need to regulate the quality of products and services that these credit card processors offer arises.  Especially with the increased competition in the credit card processing industry, the following regulators have played an important role in controlling these processors for everyone’s security:

Payment Card Industry Security Standards Council (PCI SSC)

The Payment Card Industry Security Standards Council (PCI SSC) is also known as the Payment Card industry (PCI).  This private council was originally developed by Visa International, MasterCard Worldwide, American Express, Discover Financial Services, and JCB to regulate credit card, debit card, ATM and other related companies.  It developed the Payment Card Industry Data Security Standard (PCI DSS) and PIN Transaction Security (PTS), which both aim to address security-related problems associated with the use of credit cards and other electronic payments.

  • Payment Card Industry Data Security Standard (PCI DSS).  This is the main standard created by the PCI SSC in 2006 to uphold consistent security measures in handling account data among credit card processing centers internationally.  This standard specifically aims to develop and maintain a secure network by requiring a firewall and non usage of default passwords for the systems used; to protect cardholder data by requiring encrypted keys, such as Secure Sockets Layer (SSL), upon transmitting cardholder information to credit card companies online; to protect credit card processing systems and applications by consistently updating anti-virus software; to employ strict control measures  by restricting access to cardholder data; and to uphold security policy by consistently monitoring security systems.  All these are required by the PCI SCC to help protect cardholder information entered online from being hacked or destroyed during credit card processing. As an online retailer, you can encourage repeat customers as they are assured of better security for the information they give out upon purchasing.

  • PIN Transaction Security (PTS).  This standard requires PIN entry devices used in credit card processing, such as point-of-sale (POS) and unattended payment terminals in some kiosks, to undergo the council’s evaluation, testing, and approval.  It aims to enhance security of the PIN entered, thus reducing potential risks for fraudulent activities.   It ensures you as a retailer that the PIN device you acquire and use in your business is safe for you and your customers.  In addition, PCI SSC updates its PTS standard every three years to address the fast-developing technology and the never-ending battle between hackers and security measures, thus letting you operate in a highly secure manner.

The Federal Trade Commission (FTC)

The Federal Trade Commission (FTC) is the US government entity that involves consumer protection and competition among different economic sectors.  Its duties include generating and monitoring strict implementation of laws and developing programs to educate and protect consumers as well as industry players, among others.  Affecting the credit card processing industry, it instituted the Fair and Accurate Credit Transaction Act (FACTA), primarily addressing the growing problem of identity theft.  Credit card processors are regulated in a way that certain requirements must be followed by these companies to ensure that the identity and confidential information of your clients as retailers are protected.  For example, FACTA requires that the transaction receipt must not show more than the last five digits of the credit or debit card.  It must also not show the expiration date of the card.  Both information are very confidential and are used in verifying transactions over the internet and over the phone, thus should not be made visible or known to other people, except the cardholder himself.

FTC also has a relevant control over credit processors with the FTC Act, giving it the authority to perform investigations involving organizations and companies engaged in trade, as well as their management, systems, and practices.  In fact, in the past few years, FTC was said to file and win cases against fraudulent credit card processors and even merchant account processors.  As a retailer, you are given due protection against these deceitful service providers that can be damaging to your business and your clients.  Although FTC can give you support and protection against deceitful providers, it is always good to do a research on customer reviews and feedback to avoid getting into this kind of trouble.  It is always wise to go for trusted credit card processors who, at the same time, can give you the best rates.

With the changing technology and persistence of frauds, no one is a hundred percent assured of security against these deceitful activities; but with the strict implementation of security standards in the industry and stringent government acts against fraudulent activities, you could be certain that there will always be enough protection to minimize such risk, as well as due government action when such incidents arise.

No comments:

Post a Comment