GS Logo
The Green Sheet, Inc

Please Log in

Banner Ad
View Archives

View PDF of this issue

Care to Share?


Table of Contents

Lead Story

Health care: When will payments stake its claim?

News

Industry Update

Hats in the ring for ETA awards

All clear for Intuit, ECHO merger

California chomps on gift card leftovers

Acquiring today, a shapshot

L60 at odds with Pipeline

EC interchange ruling: Merchants applaud, MC digs in

Swipe 'n shred, self-service fraud foiler

Features

AgenTalkSM:
Terence Van Horn

Triton layoffs changes, challenges

Tracy Kitten
ATMmarketplace.com

ISOMetrics:
ISOMetrics

Views

Hot, hotter contactless and mobile

David Talach
VeriFone

Education

Street SmartsSM:
Winter profit-land

Dee Karawadra
Impact PaySystem

Drill down to the fine print

Jeff Fortney
Clearant LLC

B2B and B2G: The road ahead

Aaron Bills
3Delta Systems Inc.

POS system power

Maxwell Sinovoi
United Bank Card Inc.

Interviewing for quality

Curt Hensley
CSH Consulting

PCI compliance: Don't forget the little guys

Ken Musante
Humboldt Merchant Services

Company Profile

Credit Cash

New Products

Eco-friendly two-sided receipt printing

2ST thermal receipt printer
NCR Corp.

Wireless terminal for mobile pros

Blue Bamboo H50 POS terminal
Blue Bamboo

Inspiration

Clean slate, new fate

Miscellaneous

POScript

Departments

Forum

Resource Guide

Datebook

Skyscraper Ad

The Green Sheet Online Edition

January 14, 2008  •  Issue 08:01:01

previous next

Forum

Getting the "FACTA"s straight

This note came in regarding "Receipts still reveal too much" by David Mertz, which we published Dec. 26, 2007, in issue 07:12:02. It is followed by Mr. Mertz's response:

I believe there's a little confusion on what the Fair and Accurate Transactions Act of 2003 (FACTA) requires. The merchant copy can still have full card number and expiration date, although it's not a good idea. FACTA states, "Except as otherwise provided in this subsection, no person that accepts credit cards or debit cards for the transaction of business shall print more than the last five digits of the card number or the expiration date upon any receipt provided to the cardholder at the point of the sale or transaction."

Additional information on FACTA is on the Web at www.ftc.gov/bcp/edu/pubs/business/alerts/alt007.shtm.

Lucas Zaichkowsky
Developer Support
Mercury Payment Systems

Lucas,

Someone else pointed this out as well. It has much to do with interpretation. Two types of receipts are printed at the POS. The first is the NCR receipt. No confusion there: Since both contain exactly the same information, neither can contain the full card number.

However, confusion comes in when two separate receipts are printed - one that the merchant keeps with the cardholders signature and one that the cardholder keeps. In this scenario, many POS systems print the full card number on the merchant receipt and a truncated PAN on the cardholder's receipt, and merchants believe this meets FACTA.

However, it comes down to the interpretation of the word "provided." If, in this second scenario, the POS system generates a receipt with a full PAN, which is then signed by the cardholder, I interpret this as providing the cardholder with a receipt - even if the receipt is given back to the merchant. It is still a merchant providing a receipt that has a full PAN to the consumer - even it if it is for a signature, and the receipt is being returned to the merchant for safekeeping. Further, there are many times when the receipt presented to the cardholder for signature does not get signed and is kept by the cardholder. This happens as a result of confusion, distraction or other circumstances at the POS. Again, this would be a clear violation of FACTA.

The other thing to look at is the next paragraph in the act. The exception. This is for handwritten or imprinted sale transactions only. The intent of the law, based on this paragraph, is to limit the presence of card numbers on receipts to systems where it is impossible to do otherwise - this pertains both to merchant and cardholder receipts.

For electronic POS systems, there is no business reason to justify the printing of card numbers on any receipt - whether it is maintained by the merchant or the cardholder. The continuing practice of doing so is exposing merchants to significant liabilities both under FACTA and the Payment Card Industry Data Security Standard.

With the numerous lawsuits pending regarding FACTA violations around the country, a complaint will be filed (if not done already) in federal court regarding merchant receipts. The merchant who receives the complaint will surely argue that the merchant copy of the receipt does not meet the definition of "provided" under FACTA. It will be interesting to see if the court agrees with this position. Thank you for writing to me. Please feel free to write me at any time.

David Mertz
Partner, Compliance Security Partners LLC

Call us, write us

Would you like us to cover a particular topic? Is there someone you consider an Industry Leader? Did you like or dislike a recent article in The Green Sheet? What do you think of our latest GSQ? E-mail your comments and feedback to greensheet@greensheet.com or call us at 800-757-4441.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | Harbortouch | USAePay | IRISCRM.COM | Humboldt Merchant Services