Hello,

Thanks in advance for the information.

1. Any doc or slide/information on the hierarchical links between the related entities in PCI, e.g., Brand Member, Acquirer, Merchant, Processor, Gateway.

2. Clarification of number of transactions. In case of a charge-back to the same card-holder whose transaction is already being taken place, would that be considered as two transactions or one thru the PCI Compliance perspective?

Thanking,

TK1

1. Are you asking about specific roles and responsibilities? E.g., who certifies compliance or approves compensating controls; who issues fines; etc?

2. I believe the tran count refers to original purchase transactions, not subsequent exception items.

Acquirer is a general term that either applies to an acquiring member (bank) or an independent sales organization (ISO). ChasePaymentech is an acquiring member, Heartland Payment Systems is an ISO for Key Bank. Acquiring members hold all liability for their merchant portfolio. Depending upon the ISO contract an ISO acquirer may also hold the liability for their merchant potfolios.

Service Provider is a general description of an organization that is not a merchant or member and stores, processes or transmits cardholder data OR provides services that could adversely impact data. Managed firewall provider is a SP. Each card brand (Visa, MC, Amex etc.) have defined Service Provider categories. A short list is VisaNet Processor (VNP), Gateway, MasterCard Third Party Processor (TPP), MasterCard Data Stroge Entity (DSE), Amex TPP.

Fines/Fees/Penalties are levied on the members who then can 'share the love' and pass on to the merchants etc.

With regard to transaction counts this has been a very difficult question. The card brands and acquirers only have view into the number of actual transactions and not unique accounts. Companies with a large number of recurring transactions may have relatively few unique accounts yet still be classified at a higher classification on pure transaction counts alone. It is a tough situation but the count is on transactions and not unique accounts.

Did this answer all of the questions? If not, let me know and I will add more.

Thanks for the prompt response and insight. I truly appreciate the Forum's helpful advice and information.

TK1