Merchant Bank Card Services
Your local business deserves local service.
With our merchant services, you get the safety and soundness you expect plus the technology to accept the payments you want. From counter-top machines to internet shopping carts and mobile devices, we have the technology you need. And, because payments come in many forms, we offer terminals to accept EMV chip cards, Near-Field Communications, mobile payments, and even traditional checks.
- What should Merchants know about EMV?
- How do I become PCI compliant?
- What is Near Field Communication?
What is EMV?
EMV stands for “Europay, MasterCard, and Visa.” It is the standard governing transactions between a chip-enabled credit card and an EMV-enabled payment terminal or ATM. And here’s why you need to know about it: EMV is the technological standard for credit card processing in the United States.
EMV chip cards are much more secure than the old magnetic stripe cards we’re used to seeing. Each EMV card contains a tiny computer chip that exchanges data with the payment terminal to verify that the card is genuine.
EMV cards are steadily making their way into mainstream rotation. But to process those cards as an EMV transaction, you need an EMV reader. Why? For one, EMV transactions are more secure for both you and your customers. And secondly, the liability shift happened on October 1, 2015 — which means you could be on the hook for certain types of fraudulent transactions if you don’t have an EMV reader.
We have simplified the effort that you must undertake to validate your compliance. At your earliest opportunity, please visit us on the Web at https://www.pciapply.com/pci2/pci_fihd_login.aspx to log in to your merchant account and complete the necessary steps to become certified as compliant. If you have any trouble logging in to the system or require assistance completing the process, please contact the PCI Compliance Helpdesk at (877) 277-1176.
Again, your compliance is required. Your benefits include:
- PCI Management Education
- PCI Management Self Assessment Questionnaire
- PCI recommended Data Security Policy for you and your company
- Unlimited System Scans for up to 5 IP addresses, if required.
PCI Compliance Validation Service Program Frequently Asked Questions
What is PCI DSS?
The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of requirements for enhancing payment account data security. These standards were developed by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa, Inc. to facilitate industry-wide adoption of consistent data security measures on a global basis. The standard aims to increase awareness and promote best practices in the handling of sensitive information as a means of minimizing identity theft and fraudulent transactions.
Is PCI DSS new?
No. The framework of the PCI data security standards has existed in different forms for some time now and continues to evolve. You may be more familiar with the payment brands’ programs that promote the adoption of the PCI DSS:
- MasterCard: Site Data Protection (SDP) program
- Visa: Cardholder Information Security Program (CISP)
- Discover Network: Discover Information Security & Compliance (DISC)
- American Express: Data Security Operating Policy
I only process a few hundred dollars a month. Does my merchant account still need to be PCI compliant?
Yes, all merchants, whether small or large, are required to be PCI compliant. The payment brands have collectively mandated PCI DSS compliance for any and all organizations that process, store or transmit payment cardholder data. Inherent in having a merchant account is the ability to handle cardholder data.
I already use a “PCI compliant” terminal/gateway. Doesn’t that mean I am PCI compliant?
No. Use of a PCI compliant payment application is one aspect of the many PCI DSS requirements, which cover handling of sensitive data. Currently, the PCI DSS lists twelve requirements. These requirements are organized around the following principles:
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
Can I choose not to certify for PCI compliance?
If you choose not to complete the self-assessment questionnaire (and applicable network scans) you may overlook certain data security practices that minimize your risk of a security breach. In the event that your business is compromised, you may be subject to substantial fines per payment brand. These fines would be in addition to the expenses and fraudulent transactions resulting from the breach.
In light of the importance that data security has to the payment processing industry and consumers at large, we, as your service provider, may also begin imposing a fee for each month that your account has not been validated as PCI compliant, or for any given month in which your account is deemed non-compliant. Failure to validate compliance may result in the termination of your merchant account.
What do I need to do to validate my PCI DSS compliance?
The Home Federal Bank PCI Compliance Management Service includes: assistance in determining which version of the Self-Assessment Questionnaire is appropriate for your business; administration of any applicable network scans; guidance on any necessary remediation efforts; and certification and validation of your account’s compliance. At your earliest opportunity, please visit us on the Web at https://www.pciapply.com/pci2/pci_fihd_login.aspx to log in to your merchant account and complete the necessary steps to become certified as compliant. Your default user ID is your Merchant Number and your default password is the last five digits of your Merchant Number and the uppercase state abbreviation. You will be prompted to change this initial password after logging in for the first time. If you have any trouble logging in to the system or require assistance completing the process, please contact the PCI Compliance Helpdesk at (877) 277-1176.
How long is the PCI compliance certification valid?
The PCI compliance certificate is valid for one year from the date the certificate is issued. To maintain your compliance, you are required to complete the PCI DSS self-assessment questionnaire annually and conduct any applicable network scan on a quarterly basis.
How do I know what SAQ questionnaire to fill out?
- SAQ A – Internet merchant whose website has no contact with card data (clicking the shopping cart redirects to a secure third-party website for data collection).
- SAQ A-EP – Internet merchant whose website does collect card data before passing it on to a secure third-party website for processing. REQUIRES QUARTERLY SCANS.
- SAQ B – Merchants with dial-up terminals (analog phone line), touch-tone capture, wireless terminals, and mobile processing that uses only cellular data during the processing of transactions (no WiFi).
- SAQ B-IP – Merchants with IP-Connected Terminals. REQUIRES QUARTERLY SCANS.
- SAQ C – Merchants processing over the internet (Virtual Terminal, Third-party VAR with IP Connection, and Mobile Processing utilizing WiFi during processing of transactions). REQUIRES QUARTERLY SCANS.
- SAQ C-VT – Merchants processing with iTerminal, Orbital VT, or Global Gateway VT with NO stripe reader and accessing on a PC that is not on a network. SCANS NOT REQUIRED.
Near Field Communication
Contactless payments are no longer the future of payment technology, but the present.
NFC stands for “near field communication.” It’s the technology that allows smartphones and other devices to communicate with each other when they’re close together. NFC enables mobile payments, which are transactions that require no physical contact between the payments device and the payments reader.
Our payment solutions support all NFC brands, from the Card Associations’ “Tap to Pay” to NFC wallets such as Apple Pay, Android Pay, and Samsung Pay. To trigger an NFC payment, you hold your credit card or smartphone up to an NFC reader. The devices have to be pretty close — a couple of inches at the most.
The transaction time is really fast — the whole thing takes just seconds. It’s also really secure. For example, because Apple Pay works through Touch ID (Apple’s fingerprint technology), things are pretty locked down even if your phone is stolen. What’s more, contactless payments like Apple Pay contain multiple layers of dynamic encryption. The data associated with the cards you have on file is constantly changing, so even if fraudsters were somehow able to get in there, the information would be useless to them.