Becoming PCI compliant is a measured way to greatly improve the security posture of your store. However, data security is not a point-in-time activity but an ongoing objective, and PCI standards will never take the place of federal or state laws.
Many merchants are aware of the FACTA law, but in case you are not, please read below for very relevant information on how you can protect yourself from a potential lawsuit or security breach:
The Fair and Accurate Credit Transactions Act (FACTA) of 2003 added new sections to the federal Fair Credit Reporting Act (FCRA), primarily to help consumers fight identity theft. It focused on accuracy, privacy, and limits on sharing consumer information – including credit card information. FACTA mandated that machine-generated debit or credit card receipts printed after December 4, 2006 cannot contain more than the last 5 digits of the card number, nor can they show the expiration date of the card.
Beginning with versions 8.3.5 & 7.5.12, Radiant’s CounterPoint POS software introduced standard receipts that show only the last 4 digits of the credit card number and do not show expiration dates. Please note that if a custom receipt was created prior to upgrading to either of these releases, that receipt was NOT updated, in order to avoid overwriting the customization.
It is imperative that all merchants specifically check their customer receipts to ensure they show only the last five digits or fewer of any card number and do not show the expiration date at all.
Merchants should review their customer receipts periodically to ensure changes made over time do not violate FACTA.
For more information regarding this legislation, please visit: http://www.treasury.gov/offices/domestic-finance/financial-institution/cip/pdf/fact-act.pdf
Our CounterPoint software is now PCI compliant. Contact us for upgrade information if you have an older version. If you use software other than CounterPoint, it is equally important that your software complies with the above standards.