Laserfiche WebLink
• You must restrict physical access to Cardholder information. You must obtain an Authorization Approval C�' ` ' `' d <br /> • You may not transmit Cardholder account numbers to Cardholders for in Section 5.4)for all transactions.A positive a 6.1.D. - Page 23 <br /> Internet transactions. MasterCard remains valid for seven(7)days for electronic processed trans- <br /> actions.For true paper merchants for MasterCard and Visa transactions <br /> • You cannot store or retain Card Validation Codes(three-digit values the Authorization remains valid for thirty(30)days.A positive authorization <br /> printed in the signature panel of most Cards,and a four digit code response for Discover transactions remains valid for ninety(90)days. <br /> printed on the front of an American Express Card). Failure to settle within these timeframes,may result in a late presentment <br /> • You cannot store or retain Magnetic Stripe data,PIN data or AVS data. Chargeback. <br /> Only Cardholder account number,Cardholder Name and Cardholder Failure to obtain an Authorization Approval Code for a sales transaction <br /> expiration date can be retained subsequent to transaction authorization. may result in a Chargeback and/or the termination of your Agreement. <br /> • You must destroy or purge all Media containing obsolete transaction Authorization Approval Codes can be obtained through your POS Terminal <br /> data with Cardholder information. or a Voice Response Unit("VRU").Any fees related to Authorizations will <br /> be charged for a request for an Authorization Approval Code,whether or <br /> • You must keep all systems and Media containing Card account, not the transaction is approved. <br /> Cardholder or transaction information(whether physical or electronic) <br /> in a secure manner so as to prevent access by,or disclosure to any Do not attempt to obtain an Authorization Approval Code provided by <br /> unauthorized party. someone other than us except as described in Section 5.4.If a Cardholder <br /> or another service provider provides you with either an authorization <br /> • For Internet transactions,copies of the transaction records may be number or with a telephone number for obtaining Authorizations,the <br /> delivered to Cardholders in either electronic or paper format. Authorization Approval Code you receive may not be valid.Even if the <br /> 4.3. You may be subject to ongoing validation of your compliance with transaction is initially processed and funded,it may be charged back at a <br /> PCI DSS standards.Furthermore,we retain the right to conduct an audit at later date.Also,if you receive a purported Authorization Approval Code <br /> your expense,performed by us or a third party designated by us to verify from someone other than us,we will not have the supporting records and <br /> your compliance,or that of your agents or third party providers,with will be unable to verify that you received the authorization if that is later <br /> security procedures and these Operating Procedures. questioned in a Chargeback. <br /> 4.4. In the event that transaction data suspected of having been An Authorization Approval Code only indicates the availability of Credit <br /> accessed or retrieved by any unauthorized person or entity,contact on an account at the time the Authorization is requested.It does not <br /> Customer Service or your Relationship Manager immediately and in no warrant that the person presenting the Card is the rightful Cardholder,nor <br /> event more than 24 hours after becoming aware of such activity. is it a promise or guarantee that you will not be subject to a Chargeback. <br /> 4.5. You must,at your own expense(i)perform or cause to be performed if you obtain Address Verification,you must review the AVS response <br /> an independent investigation(including a forensics analysis)of any data separately from the authorization response and make your own decision <br /> security breach of Card or transaction data,(ii)perform or cause to be about whether to accept the transaction.A transaction can receive an <br /> performed any remedial actions recommended by any such investigation, Authorization Approval Code from the Card Issuer even if AVS is unavailable <br /> and(iii)cooperate with us in the investigation and resolution of any or reflects that the address provided to you does not match the billing <br /> security breach. address on file at the Issuer.If the authorized Cardholder disputes such a <br /> transaction,you will be responsible for the resulting Chargeback. <br /> 4.6. Required Information for Discover Security Breaches. <br /> For security breaches involving Discover transactions and/or track data, If you receive a Referral response to an attempted Authorization,you may <br /> you must provide us and/or Discover with the following information: not submit the transaction without calling for and receiving a voice <br /> (i)the date of breach;(ii)details concerning the data compromised(e.g., authorization.After receiving a Referral response you may not attempt <br /> account numbers and expiration dates,Cardholder names and addresses, another Authorization on the same Card through your POS Terminal. <br /> etc.);(iii)the method of such breach;(iv)your security personnel contacts; If you fail to obtain an Authorization Approval Code or if you submit a Card <br /> (v)the name of any person(including law enforcement)assisting you with transaction after receiving a decline(even if a subsequent Authorization <br /> your investigation of such breach;and(vi)any other information which attempt results in an Authorization Approval Code),your transaction may <br /> we reasonably request from you concerning such breach,including result in a Chargeback and may be assessed fines or fees by the Associa- <br /> forensics reports.You shall provide such information as soon as tions for which you will be responsible.These currently range from$25 to <br /> practicable,and the items listed in(i)-(v)shall be provided to us in any $150 per transaction.To avoid these costs and related Chargebacks,always <br /> event within 48 hours of your initial notification to us of the breach. obtain an Authorization Approval Code directly from your terminal before <br /> 4.7. Third Parties.The data security standards set forth above also apply submitting a transaction for settlement. <br /> to any agent or third party provider that you may use to store,process or For Cards other than MasterCard,Visa and Discover(e.g.,American Express, <br /> transmit Cardholder data.In addition,such agents or third party providers JCB,etc.)or for check acceptance,you must follow the procedures for <br /> must be registered with the applicable Association.Therefore,you must: authorization and acceptance for each. <br /> • Notify us in writing of any agent or third party processor that engages You may not attempt to obtain multiple Authorizations for a single <br /> in,or proposes to engage in,the storing,processing or transmitting of transaction.If a sale is declined,do not take alternative measures with <br /> Cardholder data on your behalf,regardless of the manner or duration the same Card to obtain an approval of the sale from other authorization <br /> of such activities. sources.Instead,request another form of payment.If you accept and <br /> process a transaction that was declined,or attempt multi-transactions <br /> • Ensure that all such agents or third party processors are(i)registered and/or multi-Authorizations,you are subject to a Chargeback,Association <br /> with the applicable payment card brands;and(ii)comply with all Fines and/or cancellation of your Agreement. <br /> applicable data security standards,including,without limitation,the <br /> PCI DSS. 5.1. Card Not Present Transactions. You should obtain the 3-digit <br /> Card Validation Code(CW2,CVC2,CID)and submit this Code with all <br /> You are solely responsible for the compliance of any and all third parties authorization requests with respect to transactions where the Card is not <br /> that are given access by you,to Cardholder data,and for any third party present(e.g.,telephone,mail or internet sales).However,for recurring <br /> software that you may use. transaction Authorizations you should submit the Card Validation Code <br /> with the first authorization request only,and not with subsequent recurring <br /> transaction authorization requests.(See Section 1.7) NOTE: For each <br /> Each authorization request you submit to us must fully comply with the Card Not Present Discover transaction,you must also verify the name <br /> applicable provisions of this Agreement.Submission of an authorization and billing address of the Discover Cardholder using the Address <br /> request that does not fully comply may result in assessment of additional Verification System(AVS),and if you do not receive a positive match, <br /> fees to you,a declined authorization response or a Chargeback to you. do not process the Discover Card Not Present transaction. <br /> WFB1301 9 <br />