Company
Who are the parties involved in the whole system?
Who are our processors?
Who are TSYS/TransFirst, Global Payments, Elavon and First Data?
What is a Processor?
What is an acquirer?
What services does Straightline offer besides unbeatable rates on merchant accounts?
Who do I call for support?
Who pays for airline miles and other rewards?
Who can qualify for accepting credit cards?
Who should I trust in this very confusing industry?
Who has the best rates?
What are the fees involved with accepting credit cards?
What is a Downgrade?
What is a Virtual Terminal?
What is a Terminal?
What type of terminal do I need?
How can I get the best possible rates while processing cards?
Can I surcharge my customers who pay with a credit card?
Sometimes we need to store credit card numbers, so how do we do it?
How long does it take for my deposits to become available in my checking account?
What do I do to get started?
What is the turnaround time for getting everything set up?

Processing
Who is not allowed to accept credit cards?
What is a Chargeback?
How do Chargebacks work?
What is an Authorization Fee?
What is an Assessment Fee?
What is a Settlement Fee?
When will my money be available in my checking account?
How can I determine my True Cost?
How many terminals can I use simultaneously?
Customer payments with gift cards are not processing
How can I secure my wireless connection?
Can I charge a surcharge fee for those who use credit cards?
Can I offer a discount for those that don't use a credit card?

Securing Customer Credit Card Data
What is PCI Compliancy?
What does PCI mean?
Do I have to comply with PCI?
  • What information does Visa offer about payment applications and PCI compliancy?
  • This text is from Visa.com on February 6, 2010:

    Payment Applications

    Visa developed the Payment Application Best Practices (PABP) in 2005 to provide software vendors guidance in developing payment applications that help merchants and agents mitigate compromises, prevent storage of sensitive cardholder data (i.e. full magnetic stripe data, CVV2 or PIN data) and support overall compliance with the PCI Data Security Standard (PCI DSS). Since 2005, 254 vendors independently validated 555 products against the PABP through a Qualified Security Assessor (QSA) trained in the PABP. In 2008, the PCI Security Standards Council (PCI SSC) adopted Visa’s PABP and released the standard as the Payment Application Data Security Standard (PA-DSS). The PA-DSS now replaces PABP for the purpose of Visa’s compliance program.

    Lists of Validated Payment Applications

    The PCI SSC is currently transitioning all 555 products previously validated under the PABP over to a consolidated list located at the PCI SSC website, comprised of the validated PABP applications and newly validated PA-DSS applications. During this migration, both Visa’s list and the PCI SSC’s list will be available to ensure a smooth transition. All new payment application assessments should undergo PA-DSS validation by a Payment Application Qualified Security Assessor (PA-QSA) and listing with the PCI SSC.

    PCI SSC List of PA-DSS Validated Payment Applications
    Visa List of PABP Validated Payment Applications

    Payment Application Data Security Standard

    Visa strongly encourages payment application vendors to develop and validate the conformance of their products to the PA-DSS. PA-DSS compliant applications help merchants and agents mitigate compromises, prevent storage of sensitive cardholder data, and support overall compliance with the PCI DSS.

    PA-DSS applies only to third-party payment application software that stores, processes or transmits cardholder data as part of an authorization or settlement. PA-DSS does not apply to software applications developed by merchants and agents for in-house use only. These in-house software applications are covered within a merchant or agent’s PCI DSS assessment.

    The PCI SSC is responsible for maintaining and updating the PA-DSS and all related documentation, Payment Application Qualified Security Assessor (PA-QSA) qualification and training, Reports of Validation (ROV) submissions and quality assurance as well as the listing of PA-DSS validated payment applications. For more information on the PA-DSS, including validation requirements and a list of PA-DSS validated applications please visit the PCI SSC website at www.pcisecuritystandards.org.

    Notify Visa of Vulnerable Payment Applications

    Visa has identified that certain payment applications are designed by software vendors to store sensitive cardholder data (i.e. full magnetic stripe data, CVV2 or PIN data) subsequent to transaction authorization. Storage of these cardholder data elements is in direct violation of the PCI DSS and Visa rules. Criminals are targeting merchants and agents that use these vulnerable payment applications and are exploiting these security vulnerabilities to find and steal cardholder data. On a quarterly basis, Visa proactively alerts key stakeholders, including acquirers to help mitigate compromises with an updated list of vulnerable payment applications.

    If you discover a vulnerable payment application and have specific information as to the payment application vendor, application version, where sensitive cardholder data is stored and vendor contact information, please notify Visa via email at cisp@visa.com. All information provided will be verified through the software vendor; Visa will not reveal to any software vendor the source of information or disclose information that would reveal the source’s identity.

    Payment Application Security Mandates

    On January 1, 2008, Visa implemented a series of mandates to eliminate the use of vulnerable payment applications from the Visa payment system. These mandates require acquirers to ensure that their merchants and agents do not use payment applications known to retain sensitive cardholder data (i.e. full magnetic stripe data, CVV2 or PIN data) and require the use of payment applications that are compliant to the PA-DSS.

    While the use of PA-DSS validated payment applications is recommended, a payment application need not be included on Visa’s list of PABP validated payment applications or PCI SSC’s list of PA-DSS validated payment applications in order to comply with Phase 2, Phase 3 and Phase 5 requirements for use of PA-DSS compliant applications. Acquirers may determine the PA-DSS compliancy of a payment application through alternate validation processes, which should confirm that payment applications meet PA-DSS requirements and should facilitate compliance with the PCI DSS.

    Outlined below are each of the five mandates, which will take effect over the next three years.

    | Phase | Compliance Mandate | Effective Date |
    |-------|--------------------|----------------|
    | 1 | Newly boarded merchants must not use known vulnerable payment applications, and VisaNet Processors (VNPs) and agents must not certify new payment applications to their platforms that are known vulnerable payment applications | 1/1/08 |
    | 2 | VNPs and agents must only certify new payment applications to their platforms that are PA-DSS-compliant | 7/1/08 |
    | 3 | Newly boarded Level 3 and 4 merchants must be PCI DSS compliant or use PA-DSS-compliant applications* | 10/1/08 |
    | 4 | VNPs and agents must decertify all vulnerable payment applications** | 10/1/09 |
    | 5 | Acquirers must ensure their merchants, VNPs and agents use only PA-DSS compliant applications | 7/1/10 |

    [THIS IS AN IMPORTANT FOOTNOTE]
    * In-house use only developed applications & stand-alone POS hardware terminals are not applicable
    ** VisaNet Processors (VNPs) and agents must decertify vulnerable payment applications within 12 months

How do I contact the payment card brands?
What are the consequences to my business if I do not comply with the PCI DSS?
(704) 523-1212 | FAX (704) 631-4758 | info@straightlineprocessing.com
Straightline Processing is a registered ISO of Wells Fargo Bank, N.A., Concord, CA
Copyright 2005-2019 Straightline Processing, Inc