Electronic Clearing House, Inc.

R E V E R B E R A T I O N S R E V E R B E R AT I O N S

February 2007

Vol. XII No. 2

What do I do when

of positive identification with their signature (such as a

driver's license) to confirm their identity. Visa then requires

a customer tries to pay with an

that you indicate the positive identification, including any

unsigned card

serial number and expiration date, on the transaction

receipt. Finally, both Visa and MasterCard require that the

cardholder sign the signature panel on the card before

This scenario happens often: A customer hands you

the transaction can be finalized.

their card and in the process of the transaction, you notice

that the card is unsigned. In most cases, it's an innocent

If the cardholder refuses to sign the card, do not

mistake on the part of the cardholder, but it is still a

complete the transaction. If the cardholder has written the

situation that has to be handled correctly.

words "Please see ID" on the back of the card, that does

not count as a signature. Please note that all the steps

Both Visa and MasterCard have similar procedures

listed above must be followed before the transaction can

for unsigned cards. First, you must get the authorization

be completed.

from ECHO. Second, ask the cardholder for some kind

Automated Deduction Notice

Now On-Line

If you are a merchant who uses our Merchant

Center (https://wwws.echo-inc.com), including

on-line merchants and those who already have access

to on-line reporting, you can now access your Automated

Deduction Notice on-line at our Merchant Center.

AC Q U I S I T I O N  U P D A T E

or...ECHO Gets Into It with Intuit

After our major announcement in December, we thought we should update you on the acquisition by Intuit. The

process is moving forward, but until the deal is finalized, ECHO continues to operate as a separate company. The

closing of the acquisition is expected to occur by the end of this quarter. If you have any questions or concerns about

how the acquisition will affect you and your business, please feel free to contact customer service at 1-800-262-3246,

ext. 1.

February 21 February 21 System Maintenance Schedule February 21 February 21

System maintenance is performed on the third Wednesday of every month. This will be between 1:30 a.m. and 5:30 a.m. Pacific Standard Time (PST).

If you require additional information, our Customer Support department is open 24 hours daily and can be reached at 800-262-3246, ext. 1.

o

o

o

o

Electronic Clearing House, Inc.

730 Paseo Camarillo

Camarillo, California 93010

1-805-419-8700

www.echo-inc.com

PCI DSS GETTING IMPLEMENTED ASAP

What is PCI DSS These letters stand for

stores, or transmits cardholder data is required to follow this

Payment Card Industry Data Security Standard.

new standard. This means that compliance is not optional.

It is a relatively new security standard aimed

Those who don't comply can be assessed large fines.

at preventing data security attacks that

ECHO has already been tracking the PCI compliance of

compromise cardholder information. It was

its largest merchants, and will continue to expand that

created by the major banks and card associ-

program in the coming months.

ations who have combined efforts to develop

Over the next few months, we will be providing regular

a uniform standard for payment card data

information on compliance requirements ­ both in

protection.

Reverberations and on our Web site.

After three and a half years of adjustments,

One of the requirements of PCI is compliance AND,

PCI is now being recognized and accepted by

in many cases, reporting. Below is a chart of the levels

financial institutions worldwide. And it's not

of reporting requirements. We will do our best to answer

just limited to Visa and MasterCard. American

any question you may have about this over the next

Express, Discover, and JCB are now requiring

few months. Meanwhile, if you have questions about

compliance to the PCI DSS.

PCI compliance you can visit the following website:

PCI and Your Business

https://www.pcisecuritystandards.org/, or call ECHO

Any merchant or service provider that collects,

Security at 1-800-262-3246, ext. 7.

Compliance

Merchant Levels

Validation Actions

Actions

On-Site

Self

Network

Merchant Level Criteria

Comply

Security Audit

Assessment

Vulnerability

Validation

with PCI

Performed

Questionnaire

Scans

(SAQ)

9/30/04 (VISA)

VISA or MC Level 1

· Process more than 6 million

6/30/05 (MC)

Required

Required

transactions annually from any

Required

Annually

N/A

Quarterly by

All new level 1

channel.

Approved

merchants have

· Any merchant who has experienced

Vendor

up to one year to

a data compromise.

validate.

· Any merchant who is identified as a

level 1 merchant with any card assoc.

9/30/07 (New

VISA Level 2

· 1 million to 6 million transactions

level 2 VISA

Required

Required

annually from any channel.

merchants as of

Quarterly by

Annually

Required

N/A

MC Level 2

8/06)

Approved

· 150,000 to 6 million transactions

Vendor

6/30/04 (MC)

annually from any channel.

VISA Level 3

· 20,000 to 1 million ecommerce

6/30/05

Required

Required

transactions annually.

Annually

Quarterly by

(VISA & MC)

Required

N/A

MC Level 3

Approved

· 20,000 to 150,000 ecommerce

Vendor

transactions annually.

VISA Level 4

· Less than 20,000 ecommerce

Validation dates

Required

Required

transactions annually or up to 1 million

set by ECHO

Annually

Quarterly by

Required

N/A

transactions from any channel.

Approved

MC Level 4

Vendor

· All other merchants.

ECHO merchants process on the Electronic Clearing House, Inc. (ECHO) network. ECHO is a publicly owned company trading on NASDAQ under

the symbol "ECHO". ECHO provides thousands of merchants with reliable processing of bank cards and checks. Merchants are sponsored by FIRST

REGIONAL BANK, Agoura Hills, CA (800-777-0929). Member FDIC.