Payment Card Policies
Payment Card Policies
- Credit Card Policy
- Cardholder Merchant Agreement & Request Form
- Cardholder Data Processing Agreement & Annual Training Form
- PCI Agreement with Service Providers
- PCI Definitions, Links, and Contacts
- PCI Hierarchy
Merchant Policies Templates and Supplemental Forms
All merchants must select the correct template, update the template, save, and keep on file for their particular merchant environment.
- Category 1 - All credit card processing is outsourced.
- Category 2 - Merchant only processes payments using a dial up (copper phone line or cellular) terminal.
- Category 1 and 2 - Merchant Business Unit processes payments by dial up or cellular terminal and accepts payments by outsourced e-commerce website
- Category 1, 2, and 4 - Merchant business Unit processes payments by dial up or cellular terminal and accepts payments by outsourced e-commerce website and also by virtual terminal.
- Category 3 - Merchant only processes payments using an IP terminal.
- Category 3 and 1 - Merchant Business Unit processes paymnets by IP terminal and accepts payments by outsourced e-commerce website
- Category 4 - Merchant only processes payments using a web-based (virtual terminal, and does not store cardholder data electronically.
- Category 5 - Merchants which store cardholder data in electronic format, or does not fit categories 1 through 4.
- Category P2PE - Merchant only processes payments using a validated P2PE solution or is using an E2EE solution that was verified by an application penetration test.
Merchant Operational Policies and Procedures Templates
General Merchant Policies
- Information Security Policies
- Incident Response Plan
- Identity Theft
- Cash Receipts Manual - Credit Card Payments
- Records Retention
- Visitor Access
- Password Security
IT / Advanced Security Policies
- Firewall Policy
- Point of sale Security Guide
- Secure Sockets Layer (SSL)
- Best Practices for Database Mgmt. Systems
- Data Classification
- Source Code Analyzer
- Data Center
- Full Disk Encryption
- Email Encryption
- Secure TrasmIT (Encrypted File Transfer System)
- Sign on Authentication for Web Applications
- Mobile Security