Go to navigation Go to content
opener

Payment Card Policies

Payment Card Policies
Merchant Policies Templates (VERSION 3.2)

ALL merchants must select the correct template, update the template, save, and include with their merchant manual.

Merchant Specific Policies & Procedures Template Description Operational Policies & Procedures Template Description
Category 1 All credit card processing is outsourced. Category 1 All credit card processing is outsourced.
Category 2 Merchant only processes payments using a dial up (copper phone line or cellular) terminal. Category 2 Merchant only processes payments using a dial up (copper phone line or cellular) terminal.
Category 2 and 1 Merchant Business Unit processes payments by dial up or cellular terminal and accepts payments by outsourced e-commerce website. Category 2 and 1 Merchant Business Unit processes payments by dial up or cellular terminal and accepts payments by outsourced e-commerce website.
Category 3 Merchant only processes payments using an IP terminal. Category 3 Merchant only processes payments using an IP terminal.
Category 3 and 1 Merchant Business Unit processes payments by IP terminal and accepts payments by outsourced e-commerce website. Category 3 and 1 Merchant Business Unit processes payments by IP terminal and accepts payments by outsourced e-commerce website.
Category 4 Merchant only processes payments using a web-based (virtual terminal, and does not store cardholder data electronically. Category 4 Merchant only processes payments using a web-based (virtual terminal, and does not store cardholder data electronically.
Category 4, 2, and 1 Merchant Business Unit processes payments by dial up or cellular terminal, accepts payments by outsourced e-commerce website, and also by virtual terminal. Category 4, 2, and 1 Merchant Business Unit processes payments by dial up or cellular terminal, accepts payments by outsourced e-commerce website, and also by virtual terminal.
Category 5 Merchant only processes payments with payment application systems connected to the internet and NO electronic cardholder data storage. Category 5 Merchant only processes payments with payment application systems connected to the internet and NO electronic cardholder data storage.
Category 5 and 1 Merchant Business Unit processes payments with payment application systems (NO electronic cardholder data storage) and also with outsourced e-commerce website. Category 5 and 1 Merchant Business Unit processes payments with payment application systems (NO electronic cardholder data storage) and also with outsourced e-commerce website.
Category 5 and 2 Merchant Business Unit processes payments with payment application systems (NO electronic cardholder data storage) and also with dial up or cellular terminals. Category 5 and 2 Merchant Business Unit processes payments with payment application systems (NO electronic cardholder data storage) and also with dial up or cellular terminals.
Category 5, 2, and 1 Merchant Business Unit processes payments with payment application systems (NO electronic cardholder data storage), dial up or cellular terminal, and outsourced e-commerce website. Category 5, 2, and 1 Merchant Business Unit processes payments with payment application systems (NO electronic cardholder data storage), dial up or cellular terminal, and outsourced e-commerce website.
Category 5, P2PE, and 2 Merchant Business Unit processes payments with payment application systems (NO Electronic cardholder data storage), dial up or cellular terminal, and P2PE solution. Category 5, P2PE, and 2 Merchant Business Unit processes payments with payment application systems (NO Electronic cardholder data storage), dial up or cellular terminal, and P2PE solution.
Category P2PE Merchant only processes payments using a validated P2PE solution or is using an E2EE solution that was audited by our QSA and scope reduction was granted by our acquiring bank. Category P2PE Merchant only processes payments using a validated P2PE solution or is using an E2EE solution that was audited by our QSA and scope reduction was granted by our acquiring bank.
Category P2PE and 1 Merchant Business Unit processes payments using validated P2PE solution and is also processing payments by outsourced e-commerce website. Category P2PE and 1 Merchant Business Unit processes payments using validated P2PE solution and is also processing payments by outsourced e-commerce website.
Category P2PE and 2 Merchant Business Unit processes payments using validated P2PE solution and is also processing payments by dial up or cellular terminal(s). Category P2PE and 2 Merchant Business Unit processes payments using validated P2PE solution and is also processing payments by dial up or cellular terminal(s).
Category P2PE, 2, and 1 Merchant Business Unit processes payments using validated P2PE solution, by dial up or cellular terminal, and also by outsourced e-commerce website. Category P2PE, 2, and 1 Merchant Business Unit processes payments using validated P2PE solution, by dial up or cellular terminal, and also by outsourced e-commerce website.
 
Supplemental Forms

Diagram Guidance

Responsibility Checklists

General Merchant Policies

IT / Advanced Security Policies

Reviewed 2016-11-09.