Some of you may have already received information either from Sage or from your credit card processer concerning new credit card standards that go into effect July 1, 2010. In an effort to mitigate credit card data compromises, the credit card brands (VISA, Master Card, etc.) have mandated new compliance requirements for any business that stores, processes or transmits cardholder data. This affects any business or service provider that accepts credit card payments, whether the business uses the MAS 90 Credit Card Processing module or if they process payments through a secured website. Businesses must be in compliance by July 1, 2010 or your processor may either not allow you to process your credit card payments or may assign fines until you are in compliance.

Since this is a complex process and can be confusing, please review the Frequently Asked Questions document from Sage. It will hopefully answer a number of your questions.

Compliance consists of two parts:

1. Completing the PCI Self-Assessment Compliance Questionnaire annually at an Approved Scanning Vendor site.
2. Undergoing Vulnerability Scans performed by an Approved Scanning Vendor quarterly. This is accomplished with a download from an Approved Vendor site.

The Approved Scanning Vendor that Sage and Sage Payment Solutions are using is Trustwave. There are other Approved Scanning Vendors and your credit card processor may require you to use a different vendor. Validation actions vary depending on your Service Provider or your Merchant level (based on the number of credit card transactions annually).

If you do process and transmit your credit card payments using the MAS 90 or 200 Credit Card Processing module or if you even just store customer credit card information within MAS 90 or 200, you will need to be on MAS 90 or 200 version 4.30 with Service Release 18 or on version 4.4 with Product Release 1. Only these specific versions are certified by Sage to be compliant with the Credit Card Compliance Requirements. If you use the MAS 90 or 200 Credit Card Processing module or store customer credit card data in MAS 90 or 200 and are currently on version 4.3 or 4.4, please contact our office to schedule the install of Service Release 18 for version 4.3 or Product Update 1 for 4.4. If you are on an older version of MAS 90 and use the Credit Card Processing module to process and transmit your credit card payments, we will need to either upgrade you to 4.3 or 4.4 or find an alternative processing method.

Please read through the FAQs and if you have questions or need help with the Self-Assessment Questionnaire, give us a call. Additional information is available at our Web site www.pskansas.com. There is of course a charge for all of this. Each processor has its own fee schedule, but if you use Sage Payment Solutions there will be a $50 annual fee that will show up on your monthly statement as Level 4 PCI SAQ/IP Scan Svcs within the next couple of months. Keep in mind - The questionnaire must be completed annually and the vulnerability scan must be performed quarterly.

Learn more about the new compliance requirements:
» PCI Frequently Asked Questions
» MAS 90 Credit Card Implementation Guide
» More Information on Credit Card Compliance