Cardholder security & compliance is our top priority at Hubwallet. Now, more than ever, protecting revenue is essential to your business. We continually invest in tools and technologies to protect our clients’ data and their customers’ throughout the payment transaction cycle. Whether it be a POS terminal, an eCommerce transaction, payment authorization or settlement, you can count on The Merchant Solutions to provide you with a range of security measures to protect you from the damage of a security breach, while helping you meet PCI compliance standards.
At Hubwallet, we continuously invest in tools and technologies to provide our merchants with cardholder security. Our first priority is to present you with an assortment of security measurements to protect you from the damage of a security breach while helping you meet PCI standards. PCI DSS stands for Payment Card Industry Data Security Standard. It incorporates a set of industry tools and measurements to help ensure the safe handling of sensitive information.
If you are in the payment card business, you are affected. PCI compliance applies to every business that stores, processes or transmits any cardholder data regardless of the size of the company. Nobody is exempt. PCI is crucial for all merchants who accept credit cards, online or offline, in order to ensure the security of your customer’s payment card data.
Many criminals target small businesses in order to gain credit card or other sensitive information. If the merchant is at fault for a security breach, the merchant faces the potential of many negative forces:
The object of desire to a thief is cardholder data. By obtaining the Primary Account Number (PAN) and sensitive authentication data, a thief can impersonate the cardholder and steal the cardholder’s identity. Sensitive cardholder data can be acquired from many places:
Everything at the end of a red arrow is sensitive cardholder data. Anything on the back side and CID must never be stored. Everything else you store must be for a good business reason, and that data must be protected.
PCI Compliance allows you to confidently communicate with your customers that appropriate measures have been taken to protect valuable cardholder information. Taking a few security measures now can help your business prevent credit card fraud.
The Housing and Economic Recovery Act of 2008 contains new payment transaction reporting requirements intended to help the IRS identify under-reported sales. This is to be done through third-party corroboration of the amount of a merchant’s credit card, debit card, gift card and eCommerce transactions. At the end of each calendar year, the reporting entity (i.e., the “merchant acquiring entity”) will file an information return with the IRS reporting the gross amount of that merchant’s transactions for the year and will provide a corresponding Form 1099-K to the merchant.
Section 6050W of the Internal Revenue Code and the implementing Treasury Regulations contain new transaction reporting and withholding requirements. Obligated reporting entities must report merchants’ payment card and third party network transactions based on tax identification numbers and tax filing names. In addition, these entities must support withholding of merchant settlement dollars based on IRS backup withholding guidelines.
Amounts reportable under Section 6050W are subject to backup withholding requirements. If a merchant fails to provide its payment settlement entity with its TIN or if there is a discrepancy between the merchant’s TIN and the associated information in the payment settlement entity’s records and the IRS’ records, the payment settlement entity will be required to perform backup withholding from merchant funding by deducting and withholding income tax from reportable transactions in 2012. Backup withholding will be based on the current IRS withholding regulations (currently 28 percent) and will be subtracted from the merchant’s daily deposits. The withholding is based on the merchant’s gross amount of sales.
In order to perform these reporting and withholding functions, each payment settlement entity, or a merchant acquiring entity, must have the correct TIN and tax filing name for each merchant. Merchants will be contacted by their merchant acquirer to provide updated tax information
(if current information does not match the IRS database) or to confirm validated tax information on file.
Depending on your situation, you will need either a TIN (Tax Identification Number) or an EIN (Employer Identification Number). To best determine which you will need or to confirm your
TIN or EIN, visit the IRS Web site at http://www.irs.gov/ and go to the section on TINs.
The new IRS reporting requirements will undoubtedly create apprehension and operational challenges for both merchants and reporting entities. Both parties can minimize frustrations by making the necessary preparations to comply with the law as its requirements are understood today, well in advance of the law’s effective date.
Hubwallet will continue to be a resource for merchants and financial institutions to help them understand responsibilities as details of the regulations become clearer. Additionally, we are committed to collaborating with our partners and customers in compliance implementation.
So, while the new IRS requirements may be intimidating, compliance will be manageable if all impacted parties make time to understand the provisions as they are outlined today, identify responsibilities and plan strategies. It’s just as important to remain alert, through research and communications, for future clarifications regarding compliance.