Maestro Global Rules (PDF) - MasterCard

More documents

Recommendations

Info

Chapter 8 Security This chapter contains information about security requirements. 8.1 Compliance .............................................................................................................................. 8-1 8.2 Terminal Compliance Requirements ........................................................................................ 8-1 8.3 Customer Compliance with Card Production Standards........................................................... 8-1 8.3.1 Card Vendor Certification Requirements ......................................................................... 8-2 8.3.1.1 MasterCard Global Vendor Certification Program................................................... 8-2 8.3.1.2 Card Design and Production .................................................................................. 8-3 8.4 PIN and Key Management Security Requirements ................................................................... 8-3 8.4.1 PIN Verification ............................................................................................................... 8-3 8.4.2 Stand-In Authorization—Europe Region Only ................................................................ 8-4 8.4.3 PIN Transmission between Customer Host Systems and the Interchange System........... 8-4 8.5 PIN Entry Device...................................................................................................................... 8-4 8.6 POS Terminal Communication Protocol................................................................................... 8-5 8.6.1 Account Protection Standards ......................................................................................... 8-5 8.6.2 Wireless POS Terminals and Internet/Stand-alone IP-enabled POS Terminal Security Standards ................................................................................................................................. 8-6 8.7 Component Authentication ...................................................................................................... 8-7 8.8 Triple DES Standards................................................................................................................ 8-7 8.9 Account Data Compromise Events........................................................................................... 8-7 8.9.1 Policy Concerning Account Data Compromise Events and Potential Account Data Compromise Events ................................................................................................................. 8-8 8.9.2 Responsibilities in Connection with ADC Events and Potential ADC Events .................. 8-9 8.9.2.1 Time-Specific Procedures for ADC Events and Potential ADC Events.................. 8-10 8.9.2.2 Ongoing Procedures for ADC Events and Potential ADC Events ......................... 8-12 8.9.3 Forensic Report ............................................................................................................. 8-13 8.9.4 Corporation Determination of ADC Event or Potential ADC Event............................... 8-15 8.9.4.1 Assessments for PCI Violations in Connection with ADC Events ......................... 8-15 8.9.4.2 Potential Reduction of Financial Responsibility.................................................... 8-15 8.9.4.3 Investigation and Other Costs .............................................................................. 8-16 8.9.5 Assessments for Noncompliance................................................................................... 8-16 8.10 Site Data Protection Program ............................................................................................... 8-17 8.10.1 Payment Card Industry Data Security Standard ........................................................... 8-17 8.10.2 Compliance Validation Tools....................................................................................... 8-18 8.10.3 Vendor Compliance Testing......................................................................................... 8-18 ©1993–2012 MasterCard. Proprietary. All rights reserved. Maestro Global Rules • 9 November 2012 8-i
Security 8.10.4 Acquirer Compliance Requirements ............................................................................ 8-19 8.10.5 Implementation Schedule............................................................................................ 8-20 8.10.5.1 Merchants ........................................................................................................... 8-21 8.10.5.2 Service Providers ................................................................................................ 8-23 8.10.5.3 MasterCard PCI DSS Risk-based Approach ........................................................ 8-24 8.10.5.4 PCI DSS Compliance Validation Exemption Program—U.S. Region Only........... 8-25 8.11 Algorithms............................................................................................................................ 8-26 8.11.1 Recording and Storing Clearing and Reconciliation Data ............................................ 8-26 8.12 Message Integrity ................................................................................................................. 8-26 8.13 Signature-based Transactions—Europe Region Only ........................................................... 8-27 8.14 Audit Trail—Europe Region Only ........................................................................................ 8-27 8.15 Inspection of Customers—Europe Region Only................................................................... 8-27 Compliance Zones ....................................................................................................................... 8-27 ©1993–2012 MasterCard. Proprietary. All rights reserved. 8-ii 9 November 2012 • Maestro Global Rules
Page 1 and 2:
Maestro Global Rules 9 November 201
Page 3 and 4:
Summary of Changes This document re
Page 5 and 6:
Table of Contents Definitions .....
Page 7 and 8:
Table of Contents 3.12 Contact Info
Page 9 and 10:
Table of Contents 6.2.4 Mobile Paym
Page 11 and 12:
Table of Contents 7.8 Eligible POI
Page 13 and 14:
Table of Contents 8.6.1 Account Pro
Page 15 and 16:
Table of Contents 9.9.3 Noncomplian
Page 17 and 18:
Table of Contents 14.1 Service Prov
Page 19 and 20:
Table of Contents 7.23 ATM Access F
Page 21 and 22:
Table of Contents 2.3 Area of Use .
Page 23 and 24:
Table of Contents 7.2 Additional Ac
Page 25 and 26:
Table of Contents 9.15 Clearing and
Page 27 and 28:
Table of Contents 6.4 PIN and Signa
Page 29 and 30:
Table of Contents 6.4 PIN and Signa
Page 31 and 32:
Table of Contents 7.1.8 Card Accept
Page 33 and 34:
Table of Contents D.8.1 Corresponde
Page 35 and 36:
Activity(ies) The undertaking of an
Page 37 and 38:
Control As used herein, Control has
Page 39 and 40:
Gateway Transaction Any ATM transac
Page 41 and 42:
Maestro Word Mark The Maestro Word
Page 43 and 44:
Payment Transaction A Payment Trans
Page 45 and 46:
Settlement Obligation A financial o
Page 47 and 48:
Chapter 1 Participation This chapte
Page 49 and 50:
Participation 1.2 Eligibility to be
Page 51 and 52:
Participation 1.2 Eligibility to be
Page 53 and 54:
Participation 1.4 Interim Participa
Page 55 and 56:
Participation 1.7 Termination of Li
Page 57 and 58:
Participation 1.7 Termination of Li
Page 59 and 60:
Chapter 2 Licensing and Licensed Ac
Page 61 and 62:
Licensing and Licensed Activities 2
Page 63 and 64:
Licensing and Licensed Activities 2
Page 65 and 66:
Chapter 3 Customer Obligations This
Page 67 and 68:
3.1 Standards Customer Obligations
Page 69 and 70:
3.1.2.1.3 Category C—Efficiency a
Page 71 and 72:
3.1.2.4 Review Process Customer Obl
Page 73 and 74:
3.3 Choice of Laws Customer Obligat
Page 75 and 76:
3.7 Provision and Use of Informatio
Page 77 and 78:
3.7.3 Use of Corporation Informatio
Page 79 and 80:
3.9.2 Photographs Customer Obligati
Page 81 and 82:
3.11.2 Card Count Reporting Procedu
Page 83 and 84:
Customer Obligations 3.18 Expenses
Page 85 and 86:
3.22 Data Protection—Europe Regio
Page 87 and 88:
4.1 Right to Use the Marks Marks 4.
Page 89 and 90:
4.4 Review of Solicitations 4.5 Dis
Page 91 and 92:
4.7.1 Global Minimum Branding Requi
Page 93 and 94:
Chapter 5 Special Issuer Programs T
Page 95 and 96:
Special Issuer Programs 5.1 Special
Page 97 and 98:
Special Issuer Programs 5.2 Affinit
Page 99 and 100:
Special Issuer Programs 5.4 A/CB Ca
Page 101 and 102:
5.6.2 Categories of Prepaid Card Pr
Page 103 and 104:
Special Issuer Programs 5.6 Prepaid
Page 105 and 106:
Special Issuer Programs 5.7 Chip-on
Page 107 and 108:
Issuing 6.4.2 Use of the PIN.......
Page 109 and 110:
Issuing 6.2 Card Standards and Spec
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Issuing 6.4 PIN and Signature Requi
Page 121 and 122:
Issuing 6.5 Transmitting, Processin
Page 123 and 124:
Issuing 6.8 Mobile Remote Payment T
Page 125 and 126:
Issuing 6.9 Electronic Commerce 6.9
Page 127 and 128:
Issuing 6.11 MasterCard MoneySend P
Page 129 and 130:
Issuing 6.14 Fraud Reporting 6.13.1
Page 131 and 132:
Issuing 6.19 Recurring Payments—E
Page 133 and 134:
Acquiring 7.2 Additional Acquirer O
Page 135 and 136:
Acquiring 7.18.2.2 Disposition of C
Page 137 and 138: Acquiring 7.1 Acquirer Obligations
Page 153 and 154: Acquiring 7.2 Additional Acquirer O
Page 155 and 156: Acquiring 7.3 Additional Acquirer O
Page 157 and 158: Acquiring 7.5 Acquiring Payment Tra
Page 159 and 160: Acquiring 7.6 Acquiring MoneySend P
Page 161 and 162: Acquiring 7.7 Acquiring Mobile Remo
Page 163 and 164: Acquiring 7.9 POS Terminal and Term
Page 165 and 166: Acquiring 7.9 POS Terminal and Term
Page 167 and 168: Acquiring 7.11 Additional Requireme
Page 169 and 170: Acquiring 7.12 Additional Requireme
Page 171 and 172: Acquiring 7.14 POI Terminal Transac
Page 173 and 174: Acquiring 7.15 Requirements for Tra
Page 175 and 176: Acquiring 7.16 POS Terminal and Ter
Page 177 and 178: Acquiring 7.17 Connection to the In
Page 179 and 180: Acquiring 7.18 Card Capture NOTE 7.
Page 181 and 182: Acquiring 7.20 Merchandise Transact
Page 183 and 184: Acquiring 7.23 ATM Access Fees 7.23
Page 185 and 186: Acquiring 7.23 ATM Access Fees 1. t
Page 187: Acquiring Compliance Zones Rule Num
Page 191 and 192: Security 8.3 Customer Compliance wi
Page 193 and 194: Security 8.5 PIN Entry Device Issue
Page 195 and 196: Security 8.6 POS Terminal Communica
Page 197 and 198: Security 8.9 Account Data Compromis
Page 207 and 208: Security 8.10 Site Data Protection
Page 215 and 216: Security 8.11 Algorithms 8.11 Algor
Page 217 and 218: Chapter 9 Processing Requirements T
Page 219 and 220: Processing Requirements 9.12 Floor
Page 221 and 222: Processing Requirements 9.2 POS Tra
Page 229 and 230: Processing Requirements 9.3 Termina
Page 231 and 232: Processing Requirements 9.4 Special
Page 233 and 234: Processing Requirements 9.4 Special
Page 235 and 236: Processing Requirements 9.5 Process
Page 237 and 238: Processing Requirements 9.7 Process
Page 239 and 240:
Processing Requirements 9.8 Authori
Page 241 and 242:
Processing Requirements 9.8 Authori
Page 243 and 244:
Processing Requirements 9.9 Perform
Page 245 and 246:
Processing Requirements 9.12 Floor
Page 247 and 248:
Processing Requirements 9.13 Ceilin
Page 249 and 250:
Page 251 and 252:
Page 253 and 254:
Page 255 and 256:
Page 257 and 258:
Processing Requirements 9.15 Cleari
Page 259 and 260:
10.1 Definitions 10.2 Settlement Se
Page 261 and 262:
Settlement and Reconciliation 10.4
Page 263 and 264:
Settlement and Reconciliation 10.7
Page 265 and 266:
10.8.2 Intraregional Fees Settlemen
Page 267 and 268:
The Customer must: Settlement and R
Page 269 and 270:
Content Relocated to Chargeback Gui
Page 271 and 272:
Content Relocated to Chargeback Gui
Page 273 and 274:
Liabilities and Indemnification 13.
Page 275 and 276:
13.6 Proprietary Card Mark Liabilit
Page 277 and 278:
Page 279 and 280:
Page 281 and 282:
Chapter 14 Service Providers This c
Page 283 and 284:
14.1 Service Provider Categories Se
Page 285 and 286:
14.1.1 Independent Sales Organizati
Page 287 and 288:
Service Providers 14.3 General Obli
Page 289 and 290:
Service Providers 14.3 General Obli
Page 291 and 292:
14.3.10 Fees Service Providers 14.3
Page 293 and 294:
14.3.15 No Endorsement of the Corpo
Page 295 and 296:
14.4.3 Access to Documentation Serv
Page 297 and 298:
Service Providers 14.6 Service Prov
Page 299 and 300:
Service Providers 14.8 Confidential
Page 301 and 302:
Chapter 15 Asia/Pacific Region This
Page 303 and 304:
Overview Definitions Asia/Pacific R
Page 305 and 306:
1.7 Termination of License Asia/Pac
Page 307 and 308:
6.13 Issuer Responsibilities to Car
Page 309 and 310:
Asia/Pacific Region 7.18 Card Captu
Page 311 and 312:
Asia/Pacific Region 7.23 ATM Access
Page 313 and 314:
Asia/Pacific Region 9.2 POS Transac
Page 315 and 316:
Technical Specifications Compliance
Page 317 and 318:
Canada Region 9.3.1 Issuer Requirem
Page 319 and 320:
Canada Region 6.17 Additional Rules
Page 321 and 322:
Canada Region 7.17 Connection to th
Page 323 and 324:
Canada Region 7.23 ATM Access Fees
Page 325 and 326:
Canada Region 9.8 Authorizations 9.
Page 327 and 328:
Canada Region Section 16a—Canada
Page 329 and 330:
Canada Region 7.1 Acquirer Obligati
Page 331 and 332:
Chapter 17 Europe Region This chapt
Page 333 and 334:
Europe Region 6.4.2.1 Chip Cards...
Page 335 and 336:
Europe Region 8.4 PIN and Key Manag
Page 337 and 338:
Europe Region Technical Specificati
Page 339 and 340:
Overview Definitions Europe Region
Page 341 and 342:
Europe Region 1.1 Types of Customer
Page 343 and 344:
2.3 Area of Use Europe Region 2.3 A
Page 345 and 346:
Europe Region 2.3 Area of Use In al
Page 347 and 348:
The intra-European Maestro Rules, i
Page 349 and 350:
3.4 Examination and Audits The foll
Page 351 and 352:
3.22 Data Protection Europe Region
Page 353 and 354:
Europe Region 4.2 Protection and Re
Page 355 and 356:
Europe Region 5.1 Special Issuer Pr
Page 357 and 358:
6.1 Eligibility Europe Region 6.1 E
Page 359 and 360:
6.2.2 Embossing and Engraving Stand
Page 361 and 362:
6.9 Electronic Commerce Europe Regi
Page 363 and 364:
Croatia Malta Turkey Cyprus Moldova
Page 365 and 366:
6.14 Fraud Reporting Europe Region
Page 367 and 368:
Europe Region 6.19 Recurring Paymen
Page 369 and 370:
7.1.5 Acquiring Transactions Europe
Page 371 and 372:
Europe Region 7.3 Additional Acquir
Page 373 and 374:
7.9.2 Manual Key-entry of PAN Europ
Page 375 and 376:
Europe Region 7.12 Additional Requi
Page 377 and 378:
Europe Region 7.13 Additional Requi
Page 379 and 380:
Europe Region 7.15 Requirements for
Page 381 and 382:
7.15.6 PAN Truncation Requirements
Page 383 and 384:
7.23.1.1 Transaction Field Specific
Page 385 and 386:
Europe Region 7.27 Identification o
Page 387 and 388:
Europe Region 8.13 Signature-based
Page 389 and 390:
Bosnia and Herzegovina Kosovo Slova
Page 391 and 392:
Europe Region 9.2 POS Transaction T
Page 393 and 394:
9.2.2.2 Optional Online POS Transac
Page 395 and 396:
Europe Region 9.2 POS Transaction T
Page 397 and 398:
9.3.2 Acquirer Requirements Europe
Page 399 and 400:
Europe Region 9.4 Special Transacti
Page 401 and 402:
Page 403 and 404:
9.4.7.4 CVC 2/AVS Checks Europe Reg
Page 405 and 406:
Country Code Country Country Code C
Page 407 and 408:
9.8.7 Authorization Response Time 9
Page 409 and 410:
Europe Region 9.9 Performance Stand
Page 411 and 412:
10.2.2 Assessment for Late Settleme
Page 413 and 414:
Europe Region 10.11 Customer Insolv
Page 415 and 416:
13.13 Additional Liabilities 13.13.
Page 417 and 418:
Europe Region Compliance Zones Rule
Page 419 and 420:
Definitions Europe Region Definitio
Page 421 and 422:
7.9 POS Terminal and Terminal Requi
Page 423 and 424:
9.4 Special Transaction Types Europ
Page 425 and 426:
9.4.9 Internet Stored Value Wallets
Page 427 and 428:
Page 429 and 430:
Europe Region 3.6 Non-discriminatio
Page 431 and 432:
Europe Region 6.4 PIN and Signature
Page 433 and 434:
Chapter 18 Latin America and the Ca
Page 435 and 436:
Overview Definitions Latin America
Page 437 and 438:
4.5 Display on Cards Latin America
Page 439 and 440:
6.4.2 Use of the PIN Latin America
Page 441 and 442:
Latin America and the Caribbean Reg
Page 443 and 444:
Page 445 and 446:
9.2.2 Acquirer Online POS Transacti
Page 447 and 448:
Page 449 and 450:
Chapter 19 South Asia/Middle East/A
Page 451 and 452:
South Asia/Middle East/Africa Regio
Page 453 and 454:
South Asia/Middle East/Africa Regio
Page 455 and 456:
Chapter 20 United States Region Thi
Page 457 and 458:
United States Region 7.25.7 Deposit
Page 459 and 460:
United States Region 3.15 Integrity
Page 461 and 462:
United States Region 6.2 Card Stand
Page 463 and 464:
United States Region 6.10 Selective
Page 465 and 466:
United States Region 6.17 Additiona
Page 467 and 468:
United States Region 7.4 Acquiring
Page 469 and 470:
United States Region 7.4 Acquiring
Page 471 and 472:
United States Region 7.10 Hybrid PO
Page 473 and 474:
United States Region 7.17 Connectio
Page 475 and 476:
United States Region 7.23 ATM Acces
Page 477 and 478:
United States Region 7.25 Shared De
Page 479 and 480:
United States Region 7.25 Shared De
Page 481 and 482:
United States Region 9.2 POS Transa
Page 483 and 484:
United States Region 9.2 POS Transa
Page 485 and 486:
United States Region 9.8 Authorizat
Page 487 and 488:
United States Region 10.2 Settlemen
Page 489 and 490:
United States Region Compliance Zon
Page 491 and 492:
Overview Maestro PayPass Overview S
Page 493 and 494:
7.1 Acquirer Obligations and Activi
Page 495 and 496:
7.15 Requirements for Transaction R
Page 497 and 498:
A.1 Asia/Pacific Region Geographica
Page 499 and 500:
• Cyprus • Czech Republic • D
Page 501 and 502:
• Estonia • Finland • France
Page 503 and 504:
• Puerto Rico • St. Kitts-Nevis
Page 505 and 506:
• Qatar • Reunion • Rwanda
Page 507 and 508:
Maestro Merchant Operating Guidelin
Page 509 and 510:
Maestro Merchant Operating Guidelin
Page 511 and 512:
Signage, Screen, and Receipt Text D
Page 513 and 514:
Page 515 and 516:
Page 517 and 518:
Page 519 and 520:
Page 521 and 522:
Page 523 and 524:
Page 525 and 526:
Page 527 and 528:
Page 529 and 530:
Page 531 and 532:
Page 533 and 534:
Page 535 and 536:
Page 537 and 538:
Page 539 and 540:
Page 541 and 542:
Page 543 and 544:
Page 545 and 546:
Page 547 and 548:
Page 549 and 550:
Page 551 and 552:
Page 553 and 554:
Page 555 and 556:
Page 557 and 558:
Page 559 and 560:
Glossary Glossary Glossary This sec
Page 561 and 562:
usiness day Glossary Glossary A “
Page 563 and 564:
data encryption standard (DES) Glos
Page 565 and 566:
global bank holding company Glossar
Page 567 and 568:
offline Glossary Glossary An operat
Page 569 and 570:
PIN verification Glossary Glossary
Page 571 and 572:
scrip Glossary Glossary A printed r
Page 573 and 574:
terminal response time Glossary Glo
show all

Maestro Global Rules (PDF) - MasterCard

Create successful ePaper yourself

Delete template?

Save as template?