MasterCard Terminal Identifier Requirement
Questions and answers…
What is this new requirement from MasterCard?
POS systems, like NCR Counterpoint, that support credit card-present transactions across multiple POS terminals in a location will have to send a unique identifier from the workstation/terminal where the POS credit card transaction took place.
When does a merchant need to meet the new requirement?
MasterCard has not released an official enforcement date. however, based on information from other sources, NCR has indicated that they expect enforcement to start at the end of 2014.
When will NCR Counterpoint POS versions be available that support the new requirement?
It is currently scheduled that V7 and Counterpoint SQL will be updated by July 31, 2013.
What does a merchant need to do to ensure that their NCR Counterpoint system meets the new requirement?
Ensure that your processor supports the new requirement.
Ensure that your POS software is upgraded to a version that supports the new requirement when it is available.
When can merchants and partners expect to hear from the NCR Counterpoint again on this topic?
The NCR Counterpoint team will provide a written update to the merchant and partner community no later than July 1, 2013
Some additional finer point details:
The NCR Counterpoint team has become aware of a new fraud prevention requirement instituted by MasterCard. In essence, POS systems, like NCR Counterpoint, that support credit card-present transactions across multiple POS terminals in a location will have to send a unique identifier from the workstation/terminal where the POS credit card transaction took place. In the event of a breach, this intent is that this will allow
quicker understanding of whether there is a location-wide problem, or it is relegated to one or more POS terminals.
Last week, NCR’s Counterpoint team became aware of a stated deadline of Friday, April 19, 2013, after merchants who process with Chase Paymentech received an email from the processor explaining the new requirement and how merchants can extend the deadline for compliance with the new requirement.
This is NOT a PCI mandate or requirement, but rather, a MasterCard card association requirement. While it will not impact a merchant’s PCI compliance, it is a requirement that, if unmet and unplanned for, could ultimately result in warnings and fines directly from MasterCard. Not all processors or POS providers support the requirement as of today, so it is, in some cases, not possible for a merchant to adhere to the new requirement yet. As such, it is unlikely that MasterCard will attempt to enforce the new requirement within the next year. In fact, Chase Paymentech has indicated an adherence deadline of December 2014 for their merchants. We are actively pursuing guidance from other processors and MasterCard regarding an enforcement date.
Currently, no released version of Counterpoint (version 7 or NCR Counterpoint ‘SQL’), supports the MasterCard Terminal Identification requirement. Counterpoint’s Product Development team is currently preparing plans to support the requirement for each processor with which they will integrate with NCR Counterpoint Gateway and NCR Secure Pay. Compliance will require an update to your POS software, whether you have NCR Counterpoint (SQL) or CounterPoint V7.
For NCR CounterPoint (SQL), the compliant version will be the 18.104.22.168 Service Pack and later.
For CounterPoint V7, NCR expects to have a POS versions compliant with this requirement no later than July 31, 2013. Individual processor timelines for meeting the requirement will vary, so while the NCR Counterpoint POS versions will be compliant by that date, processor support may follow that date. NCR Counterpoint Gateway and NCR Secure Pay interfaces to processors will be updated as processors make the changes to specifications if they have not yet done so. At that point, the merchant will have to upgrade to a compliant POS version to take advantage of the capabilities.
If any NCR Counterpoint merchant is asked to provide information about a remediation plan, either to a processor or to MasterCard directly, July 31, 2013, is the date of compliant POS software availability, with processor compliance dates varying. Merchants will need to work with their partner, CCS, in order to develop an upgrade plan to get to the new compliant POS software version. This is especially critical if you have any custom programming that may need to be retrofitted.
Look for an update from the NCR Counterpoint team by July 1, 2013 on their progress with NCR Counterpoint, a list of processors and their compliance status, and any updates regarding MasterCard’s enforcement dates.
If you have any questions or concerns regarding this issue, please contact the CCS Retail Systems Support Department.