Record Retention Policy in a payment card processor

[AngryAuditor]

Can anyone give me any examples or point me to any regulations that pertain to how long a processor must retain inactive accounts and the associated transactions?

Along the sames lines, are processors subject to the banking regulations when they are not an issuer?

Thanks!

[jbhall56]

Quote:

Originally Posted by AngryAuditor

Can anyone give me any examples or point me to any regulations that pertain to how long a processor must retain inactive accounts and the associated transactions?

If you are in the US, your organization will be driven by your state's banking laws related to retail or revolving credit record retention as well as the requirements of your regulatory oversight body such as the Office of Comptroller of the Currency (OCC), Federal Deposit Insurance Corporation (FDIC), Office of Thrift Supervision (OTS) or the National Credit Union Administration (NCUA).

That said, typically the transaction records have to be retained anywhere from three to five years during the life of the retail or revolving credit agreement and then after the termination of that agreement.

To confirm this, get in touch with your state and federal bank or financial institution examination groups.

Quote:

Originally Posted by AngryAuditor

Along the sames lines, are processors subject to the banking regulations when they are not an issuer?

Yes as they are covered under the federal lending regulations and therefore come under the oversight of at least the OCC. However most are examined by the FDIC as they are typically owned by an FDIC insured institution.

[mike07]

Hey Jball thanks for the input. I was seeking the same information pertaining my merchant account. I had a few problems with credit card numbers saying inactive but it must have been the software.

[jbhall56]

I should have added that while retention is typically three to five years, in the state of Iowa, retention for state banking laws is 11 years. Go figure.