Government Relations Update

Surprise Visitor at the ATM Security in the Americas Conference – It came as quite a surprise when Former New York Senator Spano came up to me in Las Vegas to say hello.  He had seen that ATMIA was hosting an event at the Rio, and wanted to touch base with his constituents.  As a last minute addition, Senator Spano addressed the audience prior to the keynote of the first day thanking them for their past support, and refreshing their memory on the successes we have received in New York due to his support, such as helping; our bill to enact international surcharge in New York pass, the industry fight onerous legislation, push bills to increase criminal penalties for ATM offenses.  Senator Spano will help the industry again in 2008 in his new capacity in the private sector to push against patch-work city and county registration ordinances by initiating a state registration bill compiled by the industry to supersede all others.  To get involved in this effort, please feel free to contact lana@atmia.com. 

REMINDER:  International Surcharging in New York begins in October!

Florida Representative Carroll has requested the ATMIA GRC to review the Florida International Surcharge bill again as it will be sent shortly to the bill drafting department so we can file it for the 2008 Session. 

Visa/Plus US responds to ATMIA’s written request that Visa urgently reconsider the new acquirer fees on financial ATM transactions which take effect November 1, 2007. The letter shares Visa’s review why these changes are necessary, and a copy is available upon request from lana@atmia.com to members only.  ATMIA is hosting a conference call on Thursday, October 4th with all ISOs to discuss this further.

Inherent Economic Unfairness Research – As part of the October 4th conference call with the ISOs as mentioned above, we will also be forming an ISO Think Tank decide what kind of economic research may be most beneficial to them in view of continued price adjustments by networks and card associations.

Bad Legislation in Congress - HR 946 “Consumer Overdraft Protection Fair Practices Act.” HR 946 would require that consumers be given overdraft fee notifications at the ATM and POS.  For various reasons, the ATM industry would have significant challenges trying to comply with this ill-conceived measure. 

ATMIA has been working with Nessa Feddis, Senior Federal Counsel at the American Bankers Association (ABA), as they are developing a substitute amendment that would be introduced by a bipartisan group of members, consisting of additional disclosures in lieu of mandates. 
The bill was scheduled for markup on Tuesday, September 25th, however, The House Financial Services Committee did not consider the bill and it is not clear when the panel will act on the legislation. ATMIA will continue to work with the ABA to explore ways to inform and protect consumers without unduly burdening the ATM Industry or Financial Institutions. ATMIA asks its members who have not yet contacted The House Financial Services Committee members to urge them to oppose the bill.

Sponsoring Financial Institutions (SFI) Update

Best Practices for Network Sponsorship – The SFI committee has revised and approved the new version of ATM Best Practices, using a Q&A format covering the following areas:

• Sponsorship                             
• Financial Review of Company
• Review of Principals
• Review of Business Relationships
• Terminal Inventory Procedures and Controls
• Conducting Audits
• Sub-Contractors
• General Business Practices
• Hardware Compliance
• Due Diligence Record Retention
• Anti-Money Laundering

The committee has also compiled a workbook containing sample policies and procedures in regards to many of the above categories. ATMIA provides training on this material and more in conjunction with our events.  For more information on training or to suggest a possible topic please contact lana@atmia.com. 

ISOs Becoming Their Own Processors – During the ATMIA Security conference in Vegas, a panel of experts provided a full understanding of the steps that must be taken to ensure compliance with the Network Operating Regulations for ISOs to become their own processor.  Many of these steps may require dedicated resources in order to interpret and comply with all outstanding applicable regulations, but also appropriately address future regulations and mandates (i.e. updates to the PCI standards).  The committee is providing the above listing of some of the most common standards and regulations applicable to processors. 

The ESO Clearinghouse website has been activated and working.  The clearinghouse allows ESOs to submit the required due diligence information to the ATMIA gaining the convenience of submitting the items only once rather than multiple times to various sponsor banks, as all sponsor banks will be able to access the information through a secure website. It is our belief that this process will reduce the amount of time involved for all parties and allows an ESO to be registered with the Networks very quickly. 

For more information on this process, please feel free to contact lana@atmia.com. 

Debit Council (DC) Update

ATMIA POS best practices are currently being converted to the Q&A format that can be used as a self assessment training manual and should be ready in a few weeks and sent out to ATMIA members. 

PCI Workshop and Workbook – Susan Kohl, President of ThoughtKey, Inc., has put together Policies and Procedures on Data Security covering – PCI, FACTA and Breach Program Management.  ATMIA members are entitled to a copy of this document however, please make note of the disclosure related to its contents.  The workbook was used in conjunction with the PCI workshop presentations at the first PCI Workshop provided at the ATMIA Security conference in Vegas.  This was a pilot workshop on PCI, with the hopes of continuing this type of training at future events, regional training and/or webinars. 

The PCI Security Standards Council hosted their first community meeting, September 17-19, 2007.  The meeting was open to all PCI SSC Participating Organizations, Qualified Security Assessors and Approved Scanning Vendors. At this global event, PCI SSC stakeholders had the opportunity to interact with Council executives and committee members, as well as to network with fellow data security professionals and the Council's Board of Advisors. The event was a forum to enable the sharing of best practices, and to hear about experiences from representatives across the payment industry.  More information on this meeting will be provided by ATMIA to make sure we keep everyone up-to-date.

Legislation Update – Current active legislation – There are only a handful of states that are currently active, most are out of session or in summer recess.  The following bills on gift cards may be of some concern:

• NEW JERSEY  S.B.  1249 – http://www.njleg.state.nj.us/2006/Bills/S1500/1249_I1.HTM
  Summary: Incorporates prepaid bank cards into the existing statutory provisions which regulate the expiration dates and dormancy fees for gift cards and gift certificates generally. Stipulates that these prepaid bank cards include mall gift cards issued by third party banks or other financial institutions which are usable at multiple, unaffiliated merchants within a particular shopping mall. Prohibits the expiration of prepaid bank cards within 24 months immediately following the date of sale by the original purchaser of the card. Proscribes the charging of a dormancy fee against a prepaid bank card within 24 months immediately following the date of sale, and within 24 months immediately following the most recent activity or transaction in which the card is used. Limits the dormancy fee, when applicable, charged against a prepaid bank card to no more than $2 per month. Requires appropriate disclosure of the above card expiration and dormancy fee provisions to prepaid bank card consumers. Takes effect on the 90th day after enactment, except that an action for a violation based upon the requirement as to font size of the required notice shall not accrue for a prepaid bank card issued on or before the 365th day after the date of enactment. 
  Outlook:  The sponsor is a member of the majority party, but he does not sit on the committee of referral. The Legislature recently passed legislation regarding gift cards and certificates, but that measure did not address pre-paid bank cards or mall gift cards. Similar legislation has also been introduced in the Assembly.
  
  
• NEW JERSEY  S.B.  2732 - http://www.njleg.state.nj.us/2006/Bills/S3000/2732_I1.HTM
  Summary: Prohibits the sale of gift cards unless they are packaged or displayed in a manner that prevents a person from viewing the gift card account number before the purchase.
  Outlook:  The sponsor is a member of the majority party but does not sit on the committee of referral. The Assembly companion bill reported out of committee the day it was introduced because the Chair and Vice-Chair of the committee of referral were sponsors. This bill was introduced in the Senate because it has garnered enough interest from the legislators.
  
  The New Jersey Legislature went into summer recess June 21. The Legislature can return from summer recess at any time at the call of leadership but is not expected to return until September.

There are also noted legislative trends where states are codifying PCI regulations into state law…Minnesota and California for example. 

To stay informed on any of the above information, please contact lana@atmia.com.

Disclosure:  This information is copyrighted by ATMIA.  ATMIA Members are entitled to this information as part of their membership however is restricted from forwarding this information in any manner without prior written consent from ATMIA.