Non-receipt of PCI Validation fee for $19.95 showing up on your merchant statements? This is normally from failure to complete your required PCI Compliance paperwork at SecurityMetrics.com. What paperwork? If you’re one of my customers, below is what was sent in the mail from Security Metrics.

PCI compliance validation FAQ (PDF)
Security Metrics Enrollment (PDF)
Payment Processor Letter Security Metrics Overview (PDF)

DISCLAIMER:  Your documents and fees may vary. Newer documents may have been published since these. Please contact your processor for specific information about your PCI Compliance statement fees.

This subject was highlighted in the January 3D Merchant newsletter. First Data created a mandatory PCI Compliance Assistance Service Program in 2009. Since so many merchant processors have First Data relationships, the reach is huge. Security Metrics administers the program, which has a mandatory annual fee and compliance certification requirement. Merchants MUST return the PCI Compliance Validation form in a timely manner. If you do not return the form, or are not PCI Compliant, you’ll be charged $19.95/month. All fees are deducted from your merchant account. I’ve already seen this fee appear on a Sun Trust merchant statement from a non-customer as “non-receipt of PCI Validation” so please turn in your paperwork per the instructions.

A few merchants I’ve spoken to said they didn’t receive the letter from Security Metrics  but they are getting billed. Unfortunately, this is basically a blind program. We don’t know when letters are sent, and don’t know there is a problem until the non-compliance fee shows up. Merchants should read the ALERT messages that appear on their statements. There is information about upcoming fee changes, and other critical messages.

WHO GETS THE LETTERS?

It’s delivered to the same name and address that merchant statements are sent to. If you have an old name on your merchant statement, update your records.

WHEN ARE THE LETTERS SENT? They are being sent at random until every merchant receives them.

WHAT IF I DON’T HAVE A LETTER, BUT I’M GETTING A MONTHLY Non-receipt of PCI Validation FEE? If you’re one of my customers, you can go straight to SecurityMetrics.com and register. Your company is in the database and you’re automatically billed on your merchant statements.

DO I NEED TO FAX OVER THE ENROLLMENT FORM? No. That is one of the options. I recommend  that you simply start with the online form.

DO I NEED TO KNOW ALL THE ANSWERS BEFORE I START ONLINE? No, but I recommend you visit the PCI Security Standards web site first and download the appropriate SAQ (self attestment questionairre). That way when you do online you can zip through the questions.

WHAT IF I’VE ALREADY BEEN CERTIFIED BY ANOTHER APPROVED VENDOR?  You can submit your certification documentation via fax to 402-916-8240 or via email. Contact your processor or sales agent for details.

IS THE MONTHLY FEE PERMANENT? No. The fee is for non-receipt of materials. Once you are proven PCI Compliant, the fee will come off, however, it may not be immediate.

related articles:

First Data PCI Compliance fee

First Data Merchants Attain Record PCI Compliance

TransArmor^SM Solution Piloted by Spectrum of Brick-and-Mortar and Card-Not-Present Retailers; First Commercial Transaction Tokenized on STAR® Network

RSA CONFERENCE 2010 – SAN FRANCISCO, March 1, 2010 – First Data Corporation, a global leader in electronic commerce and payment processing, today announced the expansion of a merchant pilot of the First Data^® TransArmor^SM solution. More than 400 U.S. merchants of all sizes will assess the comprehensive data security solution over the next four months. The TransArmor solution (previously called First Data^® Secure Transaction Management^SM) was developed in close partnership with EMC Corporation (NYSE: EMC).

The TransArmor secure payments service is designed with the needs of merchants in mind, and it has the opportunity to fundamentally change the way merchants secure and manage cardholder data. The TransArmor solution addresses the root cause of merchant data security issues by removing payment card data from the merchant environment as part of processing the transaction, significantly reducing risk and the scope of PCI compliance efforts.

Deploys RSA SafeProxyâ„¢ Architecture
The solution leverages the RSA SafeProxy^TM architecture, a powerful combination of asymmetric encryption, tokenization and key management engineered to provide the benefit of end-to-end protection and eliminate on-site cardholder data storage for merchants. Unique features of the token make it possible for merchants to continue to handle key business functions such as returns, recurring billing, loyalty programs and other analysis, without enabling card data to be used for fraudulent transactions.

On Feb. 26, 2010, the TransArmor solution tokenized the very first commercial transaction over the STAR® Network at the Center of Science & Industry (COSI) in Columbus, Ohio. A First Data company, STAR is one of the nation’s leading electronic funds transfer (EFT) networks with more than two million retail and ATM locations.

As an early participant in the TransArmor pilot, COSI is already experiencing the benefits of the solution. “Like most consumers today, several of our customers had concerns about the safety of their credit and debit card data while visiting our center. TransArmor gives us peace of mind that their payment card data is locked in a virtual vault at First Data and nowhere on site at COSI,” said Brad Morgan, senior IT operations manager at COSI.

Works with Existing Merchant Hardware
Unlike some solutions in the marketplace, the TransArmor solution can be implemented without the need for new hardware or back-end IT operations. The solution works with First Data as well as other terminals or point-of-sale systems and can be consistently applied across brick-and-click environments.

“The response from merchants interested in participating in this trial has been enormous and a testament to the sought-after service TransArmor delivers,” said Craig Tieken, vice president of Merchant Product Management at First Data. “Up until now, there have been few easy and cost-effective solutions to the growing problem of managing the risks of handling sensitive payment card data. TransArmor represents a fundamental change in how merchants can confidently protect and manage cardholder data.”

The consequences of a merchant data compromise in legal, financial, consumer confidence and brand loyalty terms can be overwhelming. According to the 2009 U.S. Cost of a Data Breach Study by the Ponemon Institute, the average cost for merchants coping with a data breach in 2009 rose to $6.7 million with the cost per customer record breached estimated at $204. With the TransArmor solution, customer card information is retained only at the processor and protects merchants from the dangers of malicious attacks designed to steal payment card data in transit or in storage from merchant databases.

“Implementing effective data security can’t mean more complexity for businesses,” said Brian Fitzgerald, vice president, Marketing, RSA, The Security Division of EMC. “TransArmor successfully embeds industry-leading security technology into the payment processing infrastructure to make it available to, and more importantly, usable, by merchants of all sizes. TransArmor is an example of the type of partnerships required from industry leaders that will reduce the reliance on point solutions and enable an industry ecosystem with pervasive built-in security.”

Teams from RSA and EMC Consulting worked collaboratively with First Data through product strategy development and technology proof of concept for a successful pilot and product launch.

About First Data
First Data powers the global economy by making it easy, fast and secure for people and businesses to buy goods and services using virtually any form of electronic payment. Whether the choice of payment is a gift card, a credit or debit card or a check, First Data securely processes the transaction and harnesses the power of the data to deliver intelligence and insight for millions of merchant locations and thousands of card issuers in 36 countries

FD-30 PIN pad discount sale $185. The FD30 combines contactless reader technology, a traditional magnetic-stripe reader and a PIN pad in one compact unit. 2010 PED compliant, it’s the newest device from First Data. The device is able to accept PIN-secured and signature debit cards, credit cards, EBT cards plus a variety of contactless cards, key fobs and mobile payment supported devices.

If you’re investing in new pin pads now, you might as well get this one if you are on First Data, because contactless payment methods are expected to explode in the next 12 months. MasterCard has already issued over 50 million contactless cards and devices. Pin debit reduces merchant risk since there are no chargebacks, plus reduces costs in most cases.

In summary, the main differences between this and other pin pad devices are:
- Interactive payment process with lights and audio cue. This keeps lines moving fast and you are more likely to convert transactions to pin debit vs signature debit.
- Accepts all credit, debit and gift contactless cards, key fobs and other form factors including POS-enabled mobile devices.
- Field-upgradable to accept new payment types and enhancements as they become available.

If you process under $1,000,000 per month, this is a fine solution if you are on the First Data network, one of the three largest in the USA.
If you process over $1,000,000 per month, you’ll want to explore a more robust CenPOS soution to increase pin debit usage.

CALL 954-942-0483 TO ORDER.

FD-30 Pin pad brochure

Why am I offering this great price? Do I want to sell lots of equipment? No. I hope that you’ll give me the opportunity to help you control your credit card processing costs through a managed service.

Do you know the difference between costs you can control and costs that you cannot?

Do you know what interchange costs are?

Do you know how you can influence which levels of interchange you qualify for?

How are you managing interchange qualification now?

If you qualify, we have several programs to help you PERMANENTLY control payment processing costs. Keep your payment processor or change your payment processor. We have different plans for different circumstances including pay upfront, or pay nothing. Here’s more info to get for a merchant account analysis.