Electronic Clearing House, Inc.
REVERBERATIONS
July 2007
Vol. XII No. 7
PCI MYTHS BUSTED
With so much information on the Internet about PCI compliance, it is sometimes hard to separate truth from fiction. The majority of data breaches are due to the merchant's failure to understand their obligation in securing cardholder data. It is apparent that there are many misconceptions that have developed that need to be debunked.
MYTH #1
"Since ECHO is PCI compliant, I am automatically compliant as well."
Unfortunately, it's not that simple. ECHO is not responsible for cardholder data within your environment. Even if you don't store data, you are still at risk. Cardholder data can be stolen as it is processed and transmitted across your network. You must be PCI compliant.
MYTH #2
"My business processes very few transactions and we don't even do e-commerce. Therefore, my business isn't obligated to comply with PCI DSS."
This is probably one of the biggest misconceptions. The truth is that 59% of cardholder breaches that are currently under investigation originated at point-of-sale terminals at brick and mortar stores. Though validation requirements vary depending upon your merchant level (number of transactions) all merchants are required to be PCI compliant. You can call ECHO at any time if you are uncertain about your particular requirements.
MYTH #3
"When I purchased my POS processing software, the box stated that it had advanced security measures. I'm sure it must be safe."
It's not enough that the box the software comes in says that it has "advanced security measures." Make sure your software is Payment Application Best Practices validated.
MYTH #4
"I had a consultant install my Payment Application Best Practices validated software and he assured me that my system is now secure."
When working with a consultant, make certain they fully understand the PCI DSS. It is not enough that your software is PCI compliant, your entire cardholder environment needs to be assessed.
MYTH #5
"Since I have implemented a new payment system, I don't need to worry about track data I have stored."
Is that so? In case you didn't know, track data is the information that is stored in the magnetic stripe of the payment card. If stolen, this information can be used to create duplicate credit cards.
The age of your payment system has nothing to do with whether or not it is safe to store track data. You must never store track data.
There will probably not be an end to the myths that arise in regards to PCI compliance. A good rule to go by would be "when in doubt, check it out." When handling cardholder information it is always best to err on the side of caution. Always remember that ECHO is here to answer any of your questions. Just call our Security Department at 800-262-3246, ext. 7, or visit our PCI info page at www.echo-inc.com/pci.
Electronic Clearing House, Inc.
730 Paseo Camarillo
Camarillo, California 93010
1-805-419-8700
www.echo-inc.com
Adding eCommerce with Ease
Exciting news!
ECHO has established a new partnership with SerraHost, a San Diego-based company that offers the ProStores
service developed by eBay. ProStores is a perfect solution for any merchant that is interested in building a web
site with eCommerce capability. This new solution will be available starting early August, so stay tuned for the
availability date in next month's Reverberations.
In addition to being an excellent stand-alone web store solution, ProStores enables a merchant to list, manage,
and sell products through eBay, exposing their merchandise to the 147 million eBay users that frequent that
site. ProStores makes it easy to create a professional looking web site. If you would like more information about
SerraHost and the ProStores solution, visit www.Serrahost.com or contact our Sales department at
1-888-249-7693, ext. 5.
Information Worth Sharing
Tell a Friend about ECHO and Earn $100!
ECHO's Doubled Referral Fee Continues
This is a simple way to earn some extra cash. Tell your friend or colleague about ECHO, and if they activate
an account for either credit card or check processing, ECHO will pay you $100.
Here's how it works. ECHO will pay you $50 when the account is activated, and then another $50 after your
referral completes their third month of processing. You also have a choice in how you are paid. You can be paid
with a check or with $50 gift cards from GAP or Burlington Coat Factory. It's a win-win situation for both you
and your friend.
System Maintenance Schedule: July 18
System maintenance is performed on the third Wednesday of every month.
This will be between 1:30 a.m. and 5:30 a.m. Pacific Standard Time (PST).
If you require additional information, our Customer Support department is open 24 hours daily and can be
reached at 800-262-3246, ext. 1.
ECHO merchants process on the Electronic Clearing House, Inc. (ECHO) network. ECHO is a publicly owned company trading on NASDAQ under
the symbol "ECHO". ECHO provides thousands of merchants with reliable processing of bank cards and checks. Merchants are sponsored by FIRST
REGIONAL BANK, Agoura Hills, CA (800-777-0929). Member FDIC.