ADC Responsibility


sandonoriko
11-23-2009, 01:35 AM
Hello everybody,

I have one question regarding account data compromise on the side of our merchants, processors, etc. We, as an acquirer, have a contract with our merchants in which it is defined that the merchant has to follow the rules and requirements of PCI DSS. If not, they must be prepared for the appropriate penalties from Visa, MC, etc. to be transferred from the acquirer to their head.

Let's imagine the situation... a merchant faces an account data compromise and the penalties from the payment card associations fall first on our head. During the investigation of the ADC, it is found that the data leakage was from the merchant's payment application. The merchant is well informed about PCI standards and will argue that our contract speaks only about PCI DSS, not PA-DSS, and in this case they will not want to pay the penalties.

I know my question could fall mostly to the law branch and depends on how our contracts are built, but on the other side, the borders of these standards are unclear. I don't know if we should rather update the contracts with our merchants to also include PA-DSS responsibility, or if it's not necessary. :confused:

Thank you for your point of view. :)

Laura

lyalc
11-24-2009, 02:08 AM
There is a defined, contractual need for PCI DSS compliance.

You will be subject to penalties if you are not compliant at the time of the breach.

PA DSS is only relevant if you have a third party payment application which was not installed in a PCI DSS compliant manner and, I suspect, contributed to the ADC.

lyalc