Government Relations Update

One for the team - New York  became the 17th state to enact international-surcharging when Governor Spitzer (D) signed the bill initiated by ATMIA on July 3rd, becoming effective in 90 days.  The ATMIA Government Relations Committee retained Marsh & Associates, P.C. for general governmental affairs representation in New York for the 2007 calendar year.  Marsh & Associates was the force behind this bill by meeting with legislators on our behalf to communicate our position.  Their great credibility and constant contact with the New York legislative staff has gained the ATM Industry great presence in New York.

Up to bat again – Florida’s veto surprised all at ATMIA that have been working for the past two years to enact international-surcharging.  Last year this bill died as it was challenged by Visa and MasterCard contending that the law was vague on the point.  It’s a matter of whether the bill says that ATM owners ‘may’ or ‘may not’ be able to charge the fees.  ATMIA clarified the problematic wording, watched the bill pass the House unanimously on April 26 and the Senate by a vote of 38-1 on May 3, only to have it vetoed because of a May 3 amendment requested by the Florida Retail Federation. The controversial amendment would have allowed retailers to up the late fees they charge customers with delinquent credit accounts from $10 a month to $25 a month.  The sponsors of this bill were aware of this amendment but there was no way of foreseeing that it would cost us the bill over that little change.  A written statement from Crist, issued June 28, confirms that the fate of the international-surcharge bill was adversely affected by the controversial amendment.  ATMIA researched avenues to override this veto to no avail, and will introduce this measure again in the 2008 session, which convenes March 4, 2008.

Perseverance – On July 10th, ATMIA contacted Visa again asking if there has been any progress in regards to overriding the International Surcharge Rule and granting an exemption to the rule for all non-bank owned ATMs in the US, stating that with the recent announcement by Visa whereas there will be an acquirer fee assessed on all transactions in November, this is extremely important to our members.

Visa’s response - we did pursue modifying this rule, but required the concurrence of the other Visa regions.  At this time, there will be no change.  Once Visa Inc. is created, this will be evaluated again.

Time for a relief pitcher – As most, if not all of you are aware, Visa/Plus US announced that effective November 1, 2007, Visa/Plus US will be assessing a $0.05 Acquirer Fee on all domestic financial transactions and $0.15 Acquirer Fee on all International financial transactions.
 
ATMIA has appointed a veteran economist to draw up a proposal for a paper on the economic impacts of interchange reductions and fees in the US to those whose business models are negatively impacted by these reductions and fee changes. Please contact lana@atmia.com if you are willing to help provide data, confidentially, of course, as we prepare to attack this issue head on in the right way – through proper research no one can argue with!

Currently, California is the only state still in session, scheduled to adjourn September 14, 2007.

As a reminder the following states have enacted international surcharging:  Alabama , Arkansas, California, Colorado (Effective August 8, 2007), Georgia, Idaho, Louisiana, Maine, Mississippi, Montana, Nevada, New York (Effective October), Tennessee, and Texas

Sponsoring Financial Institutions (SFI) Committee Update

Best Practices for Network Sponsorship – The committee has been busy updating the best practices as appropriate (e.g. the ATM compliance dates, visa.com/pin, etc.), as well as modifying it into landscape configuration, and added item numbers and section headers for easier reference to specific items and subjects.  

ISOs Becoming Their Own Processors – A trend has begun gaining speed recently with ISOs wanting to become their own processor.  This is made possible through various industry products that are available.  Sponsoring Financial Institutions (SFI) have generally found that ISOs purchase these processing products without a full understanding of the steps that must be taken to ensure compliance with the Network Operating Regulations.  Many of these steps may require dedicated resources in order to interpret and comply with all outstanding applicable regulations, but also appropriately address future regulations and mandates (i.e. updates to the PCI standards). 

The committee has put together an informational piece providing a listing of some of the most common standards and regulations applicable to processors.  It is important for ISOs to remember that the contract between the ISO/Processor and the SFI will ensure that all liability related to the acquiring and processing of transactions will be passed on from the SFI to the ISO/Processor.

The SFI committee is currently voting to approve the above documents, so you can expect to see them in your e-mail shortly.

Debit Council (DC) Update

Best Practices for Point of Sale Security

The ATM Industry Association’s Debit Council is renewing its push for better security best practices at Point of Sale terminals as criminals continue to compromise cardholder information by targeting out-of-date or improperly configured POS hardware and software.  ATMIA has published Best Practices for Protecting the Point of Sale Lifecycle and is keen to extend the educational process by which retailers and deployers of POS devices can adopt a lifecycle security approach.

It is the first time that the financial services industry, on both the ATM and POS sides of the business, has collaborated on producing security best practices for the whole POS lifecycle. The lifecycle model used in the best practices defines and addresses eight phases: cardholder security, compliance to existing industry standards, secure deployment of devices, physical security, PIN and encryption security, software security and security during the final de-commissioning process.

This manual, jointly authored with key manufacturers of POS devices, is intended for several audiences: retailers, POS processors, Encryption Service Organizations, auditors, security personnel and managers who have responsibility for securing their POS installations and for meeting network and PCI requirements. 

All best practices are available to members at anytime, by contacting lana@atmia.com.

POS Governance – The DC plans to start mapping out governance issues that are relevant to the POS and do a gap analysis of Version I of the best practices.  The deliverable from this will be Version II. during a meeting in conjunction with the September ATMIA Security Event