| 1 |
Credit card acquirers setting up shared Point of Sale terminal machines shall obtain a business permit, and shall have entered into contracted merchant agreements and handle bill-paying services. The rights and obligations of each related party shall be specified in the agreements, and card acquirers shall abide by the regulations governing credit card payment receipts and establish security control and management mechanisms.
Date of issue: 15 February 2011
Ref.: Jin-Guan-Yin-Piao-Zi-No.10000038260
Subject: With respect to the sharing of Point of Sale terminal machines by credit card acquirers, please note and forward the information in the explanation below to all credit card member institutions.
Statement:
1. This Letter is issued in response to the 28 January 2011 Bankers Association of the Republic of China Letter Quan-Xin-Zi-1001000086A.
2. In order to increase the level of protection and information security for contracted merchants and cardholders, card acquirers shall comply with the following provisions before using shared Point of Sale terminal machines with other card acquirers:
(1) Each credit card acquirer that participates in sharing a Point of Sale terminal machine shall obtain permission from the FSC to handle card acquiring business, and shall have entered into contracted merchant agreements and pay or collect bills through credit cards on behalf of contracted merchants.
(2) The card acquirer shall first enter into a contracted merchant agreement with a merchant before it may use a Point of Sale terminal machine installed at that merchant by another card acquirer.
(3) In addition, each related party with respect to shared use of a Point of Sale terminal machine shall:
i. Specify in the agreement the respective rights and obligations of each party.
ii. Ensure that the credit card payment receipts of contracted merchants conform to Article 26, paragraph 1, subparagraph 5 of the Regulations Governing Institutions Engaging In Credit Card Business.
iii. Comply with Article 53 of the aforementioned Regulations and establish systems for the control and management of information security for their shared equipment, in order to guarantee the confidentiality and security of transaction information (including but not limited to information such as credit card numbers, transaction content, and transaction authorizations and settlements) and accuracy in data transmission, exchange, and handling.
3. Any current practice of a card acquirer not in compliance with the above provisions shall be adjusted to achieve compliance by 30 April 2011. |