Skip navigation
All Places > In the News > Blog > 2018 > March
2018

Who Has To Register with Card Brands and be PCI DSS Compliant? 

Within the context of the card brand rule, Service Providers are defined as any entity that stores, processes, or transmits cardholder data on behalf of another party or otherwise has the ability to impact the security of another party’s cardholder data or cardholder data environment.  Examples of such entities include, but are not limited to:  payment gateways, hosting providers, loyalty providers, managed security providers, document storage and destruction companies, integrator resellers, etc. Service providers that participate in these activities are required to be registered with the Card Brands and also demonstrate PCI DSS compliance. 

Visa's non-compliance penalty for Service Providers begins at $10,000 USD

How to Determine the Level of Service Provider Your Company is for PCI Compliance. 

Service Providers are grouped into 2 levels which will determine the validation efforts required by the Card Brands. Level 1 Service Providers are those that process over 300,000 Visa branded or MasterCard branded transactions annually, while Level 2 Service Providers are those that process less than that amount annually. Below is a list of required documentation based on level.

Level 1

  • Annual On-Site PCI Data Security Assessment completed by a Qualified Security Assessor (QSA) 
  • Quarterly Vulnerability Scans
  • Attestation of Compliance (AOC) signed by the QSA

Level 2

  • Quarterly Vulnerability Scans
  • Annual PCI Self-Assessment Questionnaire (SAQ D-SP)
  • Attestation of Compliance (AOC) signed by the service provider

 

Please note that PCI DSS compliance and validation is an industry wide requirement as outlined in the card brand rules and are not unique or specific to Vantiv, now Worldpay.

 

How to Register as a Service Provider with the Card Brands (Visa & Masterard) 

 

Once you have completed your PCI DSS validation requirements and are considered PCI compliant you will need to complete registration with the Card Brands (Visa and Mastercard). Registration also allows you to demonstrate compliance and better promote your services to potential clients. In order to register  we will need some basic business information included in a registration document we will provide you, along with:

  •  Articles of Incorporation
  • Two years business financials (or business tax returns)
  • DBA business license (if different from legal)

 

Once these documents have been collected by Vantiv, now Worldpay, we will submit on behalf of your company. Each Service Provider is required to register with each acquirer relationship.

 

To learn more about the challenge and costs of PCI and PA DSS Compliance:  https://developer.vantiv.com/community/news-and-communications/blog/2017/01/31/pci-and-pa-dss-compliance-costs-challenges

If you are a partner and need help to navigate these requirements, please feel free to reach out to either the Compliance team (Compliance@mercurypay.com) or Carrie Brubaker directly (Carrie.Brubaker@worldpay.com).

 

Additional information on PCI Security Standards can be found here.

PCI Council QSA Companies can be found here: https://www.pcisecuritystandards.org/assessors_and_solutions/qualified_security_assessors

Visa Service Provider information can be found here: https://www.visa.com/splisting/LearnMore.html#pdvsp

https://usa.visa.com/content/dam/VCOM/download/merchants/tpa-registration-program-faqs.pdf

Mastercard Service Provider information can be found here:  https://www.mastercard.us/en-us/merchants/safety-security/security-recommendations/service-providers-need-to-know.html#ftn2

 

 

To the general public, the buzz around blockchain is focused primarily on the skyrocketing rise in Bitcoin prices and the growing market value of other cryptocurrencies like Ethereum, Litecoin, and Ripple.  For developers though, blockchain is a "Crouching Tiger" in Enterprise business and it's set to pounce to the forefront of many business processes we touch on a daily basis.

 

blockchain 3 hottest trends in Enterprise business

 

We caught up with Josh Mather, Sr. Solutions Consultant at Vantiv, Now Worldpay (jmather) and he had some revealing insights for where developers will find a healthy focus on adoption into Enterprise business.  His message:  If blockchain has not found its way into your coding sprint, get ready because it's coming soon to a standup near you.

 

Q:  Josh, what are your biggest takeaways around blockchain for 2018?

Firstly, we're starting to see the regular adoption of the technology in enterprise organizations.  There are things like the IBM Hyperledger coming in to manage particular networks between different supply-chain ecosystems.  Secondly, don't panic.  Developers do not necessarily need blockchain programming experience to succeed in the future.  But try to understand what does a completely decentralized global system look like and how can you tackle that from a developers' perspective?  Ask yourself what little piece can you start at and work on?  The past year was a period where blockchain became a buzzword.  In 2018, I see a lot of core pieces of infrastructure being built around blockchain right now and this will filter out over the next few years where we'll then see the application layers get built-out as companies have more use-cases for blockchain technology.

 

3 ways blockchain technology will affect Enterprise business in 2018

 

Infographic download link at bottom of article

 

Q:  Even for developers, there's still a lot of confusion around how blockchain development will find it's way into Enterprise business.  Can you give us an example of how blockchain will change Supply Chain Management?

Blockchain in supply chains provides a new traceability system for material and product traceability. The blockchain gives unchangeable visibility that can be audited and remain secure through a supply chains lifecycle and beyond. It allows anyone to track the provenance of anything.  Just look at the infographic below to see how the relationship between the farmer, the food manufacturer and you, the consumer, can benefit from blockchain technology to trace food production, assist in the tracking of the manufacturing and processing, provide better management of food safety and finally aid in the transportation of food to the consumer.  There are efficiencies all along the supply chain lifecycle.

 

The term "Farm to Fork" could be the new blockchain managed ecosystem for food retailers to manage food safety while offering the potential for better management and increased profits.

 

Infographic on how blockchain technology will help supply chain management in Enterprise business.

 

Infographic download link at bottom of article

 

 Other Enterprise Industries Using blockchain Applications.

  1. Financial Services
  2. Health Services
    • IBM and the US Food and Drug Administration started a partnership to work on a scalable health data exchange to address lack of transparency in health data while improving the trust in patient privacy.
  3. Auto Industry
    • Volkswagon and Renault are testing vehicle telematic tracking, capturing vehicle mileage, engine use, repair history and other data on blockchain to store a historical accounting of use for insurance, maintenance and resale purposes in Germany.
    • Toyota is using blockchain to test the purchase of secure, private driving data to build autonomous vehicle driving algorithms.
  4. Aviation
  5. IoT

 

Q:  Josh, where do you see blockchain making its way into the payments industry?   You mentioned some interesting news from Coinbase.  For those unfamiliar, Coinbase is one of the largest cryptocurrency exchanges.

This is called, Coinbase Commerce and it allows you to exchange cryptocurrency as a form of payment in a global fashion through an easy integration with the exchange. They have one of the most well-known eCommerce platforms, Shopify, already integrated into the system.

 

Coinbase is expanding their merchant services.  They are offering a way to do an integration through Coinbase for the exchange of goods for a merchant.  Much like Vantiv Now Worldpay does transactions in fiat currency, now Coinbase is taking that model and getting it out to developers to build a crypto payment model much like PayPal.

 

"We're going to find that is a very big moment in the crypto world.  It's the largest exchange in the world and they are getting into the payments industry"  From a developers perspective, they're thinking "WOW I can write code for a crypto payment" 

 

Q:  How can developers get started in blockchain?

For developers in payments, you need to ask yourself what is the mechanism to bring blockchain into your enterprise?  Is it a KYC / AML component?  Perhaps your focus should be looking into identities where the Know Your Customer and Anti Money Laundering components can be improved.  There are blockchain projects that bring that to the table and ways for a customer to identify themselves on the blockchain.  There's also been some blockchain work around remittances and cross-border payments with Stellar and Ripple where Ripple is going down the traditional banking route and Stellar is going down the partnership route model to facilitate these transactions across borders.

 

Blockchain development is growing at a rapid pace. At the end of 2017, the job market had grown nearly 200% and it is rated as one of the top 20 fastest-growing job skills. That said, it can be tough to gain experience with this new technology. One way is to roll up your sleeves and contribute to an open source project. Many welcome the help and cherry pick the most passionate contributors.

 

We also spoke with Andrew Harris, Sr. Product Marketing Manager at Vantiv Now Worldpay  (andrew.harris)  about how developers can start a thriving coding group at your business.

 

Q:  Andrew, what words of wisdom can you pass along to developers looking to start coding in blockchain with an active peer group?

 

Sometimes the hardest part of doing “cool stuff” in the office (on your own time mind you) is finding that early morning, late evening, or lunch-hour time to commit to learning something new.

 

Luckily developers are perpetual learners and avid problem solvers. However, not all developers enjoy spending their personal time in group learning environments and the web is full of excellent resources for those of us that would rather read on our own about blockchain and step through various tutorials and walkthroughs around blockchain, bitcoin, and decentralization.

 

One of my colleagues was interested in teaming up and once we would each digitally drag a late morning user story from "in progress" to "done" status, we would then occupy a conference room over our lunch hour and read and explore blockchain through our combined brainpower. After a few sessions, we would start writing code and put the theories to practice. I know for me, applying something practically helps it soak in. Soon others were curious what we were doing.

 

If you are interested in starting your own grassroots "lunch-n-codes" session in your office just ask around and I bet you will find teammates open to the idea. Surely there are others with similar interest in tech, right? Be prepared to barter as well. If you want to spend group time working on a machine learning application using python and various frameworks then be open to working with your peers on something they might be interested in as well, such as blockchain, altcoins, or decentralized ledgers. You will be surprised how easily you can get a group interested in these types of lunch and code events.

 

One last bit of advice, don’t make it rigid, truly keep it agile. If someone wants to talk about their weekend for half of the time it is okay. Developing personal connections are not a bad thing.

 

Why do it? At the end of the day, you are adding to your skill set and more importantly can charm your friends with words like ripple, crypto, fat protocols, and my favorite: hash.

 

 

LEARN MORE:

If you're interested in learning more about blockchain, check out the following articles on blockchain technology.

Blockchain Part 1: Cross-Border Payments and Remittances 

Blockchain Explained: Debt Markets and P2P Lending (Part 2) 

Blockchain Explained (Part 3): Token Sales and ICO Funding Models 

Vantiv & Voatz Team Up To Win Blockchain Hackathon! 

Payment partner spotlight: Jeremy Julian

 

People and customer service are the keys to winning national franchises

Like many first big opportunities, CBS landed their first national franchise through an existing relationship. A former client from a small restaurant moved to a big brand chain. Impressed by CBS’s service for his former employer, he recommended CBS for the franchise, too.


The recommendation panned out and CBS delivered the great customer service they were known for to cultivate a long-term relationship with the national franchise. This success caught the interest of other franchises and led to contracts with dozens of nationally recognized brand names such as Golden Corral Buffet & Grill, Lazy Dog Restaurant & Bar, California Pizza Kitchen, and many others.


Julian believes that CBS’s success can be contributed to adhering to their core company value: always focus on their client’s success.

 

“First, you have to make the decision that you want to go after a different clientele. Then, you must be willing to adapt by investing in your people, your process, and your technology to adjust to what those clients are looking for. “

Beating the competition

 

Competition in the POS industry is getting more intense each year. What used to be a relatively unknown industry has exploded and even Silicon Valley has jumped on the bandwagon. So with more competition and new technologically savvy players, how does CBS continue to win?


“It comes down to two things: finding the right people, and taking care of our clients,” says Julian. “If you don’t have the right people on your team, none of it matters. We find people that have an attitude of service from sales to implementation and even our technicians.”

 

How to compete with Silicon Valley: Invest in Your Employees


The company invests heavily in their staff. In addition to training programs, CBS offers a mentoring program and promotes growth. “It’s so important to invest in your employees,” says Julian. “If you invest in them, then they stay and they grow, otherwise they are going to leave, and then you are right back where you started.”


All of this helps create a great work culture. Julian notes that at CBS there is no such thing as “that’s not my job.” Everyone must pitch in and do what is best for the client.

 

How can a VAR or ISV meet a national franchise?

 

Julian believes that when you take care of people, they take care of you. And for CBS, adhering to their core company values has paid off handsomely in terms of referrals and relationship building.

 

Happy customers are your best salespeople.


He says that it’s paramount to “Serve the customers you already have well because you never know who is going to start that next franchise. If you treat your existing customers well, they will sell your products and services for you.”

 

Trade shows and conferences are also a great way to get in front of franchise operators, particularly payment conferences, restaurant finance conferences, and restaurant technology conferences like MURTEC, the FSTECH show, and Retail Now (RSPA)

“Be in these places, be visible, and be prepared, know what you are selling and what problem you are going to solve.”

Julian also suggests sponsoring events. Franchises and corporations often host golf tournaments, general manager conferences, and charitable events.


“If you invest in their business then they will likely invest in your business.”

 

What can a VAR or ISV do to prepare to work with a national franchise?

 

When pursuing national franchises, Julian notes that you are essentially dealing with two distinct clients: the owner/operator and the corporate office. You have to pay attention to both. Even if your owner-operator is happy, you must make sure that the corporation is happy too.


“It is so important to learn how to service your clients, truly understand their needs, and learn how you can serve them,” says Julian. “And be humble and willing to adapt your business model. We’re in a service model and so are they. So if you service them they will reward you.”


To learn more about Jeremy and the entire CBS team, visit Custom Business Solutions, Inc.


Do you have a Partner Spotlight story to share?


We'd like to hear from you if you have a unique story to share with our Partner Spotlight. Leave a comment below and we'll get in touch.

Not long after ABBA was making musical hit history in the U.S., Terry Ziegler’s company, Datacap Systems, Inc., entered the payments scene destined to make a difference. The company initially made a splash in the Electronic Cash Registers (ECR) market and then helped power the integrated payments revolution.

 

Datacap’s business model is built on simplifying payments and enabling generations of developer and reseller communities to grow their businesses with the Datacap “formula.” This formula consists of creating an easily accessible way of translating POS language to any number of premiere processing/card brand languages and back to the POS.

 

And Datacap did all this without needing to play ABBA.  They took the chance out of payments.

 

Throughout its history, Datacap has been ahead of the curve and a true leader in the integrated payments industry. Marc and Jeff Katz, the founding brothers of Mercury Payment Systems (now Worldpay), knew this and built their company using Datacap’s technology.  Mercury innovated on the Datacap technology by bringing the localized NETePay client-server distributed software architecture into a hosted environment. The result: greatly reduced the cost and effort of installation and maintenance.

 

I suspect in the early 2000s, the Katz brothers were probably not singing ABBA's hit from an earlier era.  They removed the "Take a Chance on Me" by innovating on the solid and reliable technology of Datacap Systems.

 

A foundation for payment processing

Datacap technology was a centerpiece of Mercury's early rise in the integrated payments space and has been revolutionizing the market during the various business re-alignments in our short history of mergers and acquisitions. First, with the change in the partnership-model moving to an equity company. And later with the acquisition by Cincinnati-based Vantiv.

 

With the recent Worldpay merger, the company is entering into a new era of global reach, and the integrated payments organization is again strategically re-aligning to meet new business needs.

 

In a previous article Rapid-fire Recurring Revenue Recommendations, Jim Roddy talks about recurring revenue options ISVs and VARs should consider. The release of NETePay 5.07, is a step in the right direction to implementing new revenue streams.

 

 

As an engineering partner to the payment ecosystem, Datacap is notably instrumental and impressively responsive in turning around and delivering requested software.

 

As I hear that ABBA song in my head one more time, I suspect each processing generation begins by taking a chance on the new. Whether heritage or new TechVitality, technology is always evolving.

 

You have dreams of increasing your recurring revenue, but you can’t find time to investigate new products and services. I’m going to give you a shortcut to recurring revenue riches with a pair of quick-read bulleted lists that will jumpstart your progress.

 

Are you offering these six products/services on a recurring revenue basis?

  • Data analytics: Provide your merchants with statistics about their competition and enable them to receive alerts about their social media mentions.
  • Gift/loyalty: A rewards program will help your merchants increase traffic, awareness, and consumer loyalty.
  • Online ordering: What used to be a “nice-to-have” feature for merchants is becoming a “must-have” as consumers use their phones to make more purchases.
  • Managed services: Charge a monthly fee to monitor each merchant’s network. Keep them secure while also avoiding downtime.
  • Wi-Fi: Enhance the customer experience by ensuring your merchants have reliable and secure Wi-Fi.
  • Payment processing: A full-service payments provider (as opposed to a bare-bones one) will reduce your overhead so you can pursue more recurring revenue initiatives.

 

You can't be a trusted advisor if you offer only reactive service.  

 

If you’re not embracing all six of these products and services, you’re missing out on opportunities to increase your recurring revenue and make your relationship with your merchants stickier. You can’t be a trusted advisor if you offer only reactive service. Guide your merchants into new technologies that will increase their sales and lift their bottom line.

 

Because I engage with leading POS resellers and ISVs every week, I’ve learned some key principles and tactics related to recurring revenue:

  • If you aren’t offering all six of the products/services listed above, pick one or two to investigate and then test them with clients with whom you have a strong relationship. Implement the new offering, scale it (market to all your merchants), and then investigate one or two more products/services to add to your linecard.
  • Offer a 90-day trial period for new services to current customers. Prove to them that it works and they tend to buy-in.
  • The break/fix business model was a sprint: sell as much hardware, software, and peripherals as you could in the initial sale. The recurring revenue business model is a marathon: how much technology and services can you sell to the customer in the long run?
  • White-label products whenever possible so if you switch vendors you can make a change that is less disruptive to the client.
  • Aim for monthly recurring revenue to exceed monthly expenses. Additional project work that month will fall to the bottom line.

 

As I said at the outset of this piece, this is a 400-word shortcut to start you down the path to recurring revenue riches. For more information on this important topic, watch my hour-long webinar on recurring revenue or read my nearly 40-item list of recurring revenue products and services for POS solution providers.

 

 

For more On the Edge content, please visit the Vantiv Partner Advantage website.

 

Jim Roddy is a Reseller & ISV Business Advisor for Vantiv’s PaymentsEdge Advisory Services. He has been active in the POS channel since 1998, including 11 years as the President of Business Solutions Magazine, six years as a Retail Solutions Providers Association (RSPA) board member, and one term as RSPA Chairman of the Board. Jim is regularly requested to speak at industry conferences and he is author of the book Hire Like You Just Beat Cancer.