Security and Compliance

Security and Compliance

Security & Compliance
“Security” and “compliance” are two terms synonymous with payment acceptance. Not only do the card brands have their own security and compliance policies, but the U.S. government does as well. The following sections can help you better understand the security and compliance requirements as they relate to federal law, and the individual card brands.


Protecting your business and customers from fraudulent activity is an important component in any payment acceptance program. The following card brands provide risk management and fraud prevention resources:

  • American Express fraud reduction guidelines
  • Discover fraud security
  • MasterCard tools for security success
  • VISA fraud control basics


There has been heightened activity around merchant compliance with the terms of the Fair and Accurate Credit Transactions Act (FACTA), state laws, and other industry regulations regarding the protection of cardholder data and the removal of the expiration date from electronically printed receipts.

Below are the FACTA compliance requirements.

What is the Fair and Accurate Credit Transactions Act (FACTA)?

FACTA is a federal law that states, “No person that accepts credit cards or debit cards for the transaction of business shall print more than the last five digits of the card number or the expiration date upon any receipt provided to the cardholder at the point of sale or transaction.” 15 U.S.C 1681(c)(g).

It is every merchant’s responsibility to understand and comply with FACTA, and, in general, to protect the customer’s cardholder information. In addition, your business may be subject to other state laws that impact the information you may print on receipts. It is a good business practice to check your state laws to determine if you are compliant.

Where can I go for more information on FACTA?

The following resources provide general information on FACTA:

  • Fair & Accurate Credit Transactions Act of 2003
  • Federal Trade Commission Business Alert

If you believe your receipts are not compliant with FACTA, please call your local representative. If you do not, call 888-418-2069.

Ask your sales representative or our Merchant Services group for more information on managing risk and preventing fraud.
You can find more information on fraud prevention and risk management from the following card brands:

  • American Express Fraud Prevention
  • MasterCard Risk Management
  • Visa Risk Management


Merchants can include the logos, brand marks and service marks of the cards they accept on their websites, at their stores, and in customer communications. Each card brand has its own branding requirements, that explain the proper and improper use of their images and marks.

The following card brands provide more information on branding guidelines and requirements as well as artwork, decals and other supplies:

  • American Express acceptance marks
  • Discover acceptance marks
  • MasterCard brand and acceptance marks
  • Visa branding information


Card rules and regulations are not fun to read. However, it is important to know that each card brand has a set of operating regulations that merchants accepting these cards must follow. Card brands publish these operating rules and their interchange rates so that merchants can review them as needed.

You can find the operating/merchant rules and related information from the following card brands:

  • Visa International Operating Regulations
  • MasterCard Rules and Interchange Rates
  • American Express Merchant Policy

While Discover does not publish its operating rules online, merchants can acquire this information by contacting the company directly.