Maestro Global Rules (PDF) - MasterCard

More documents

Recommendations

Info

Security 8.4 PIN and Key Management Security Requirements • Assessment of the physical security of the vendor’s site, and • Assessment of the logical security of the vendor’s data network environment, hardware, and software. All personalizers using an Internet connection or wireless LAN to transfer Issuer or Cardholder data must also undergo a network security scan as described in Rule 8.6 of the Site Data Protection Program. The list of vendors that the Corporation has certified to provide Card production services, Certified Vendors (for Card Production Services of Any MasterCard, Maestro, or Cirrus Branded Card) is continually updated. From time to time, the Corporation distributes the current list, which supersedes all previously published lists, in a Global Security Bulletin. 8.3.1.2 Card Design and Production Prior to production, one full color reproduction of the Card with the appropriate Marks must be submitted to the Licensing & Approvals department for approval. When approval is granted, the manufacturer must send two (2) sample Cards of the actual printed stock to the Licensing & Approvals department. Only after written confirmation of the Card design approval, may the manufacturer manufacture and deliver the Cards to the Issuer. Subsequent deliveries of an unchanged Card design do not require separate approval. 8.4 PIN and Key Management Security Requirements All Customers acquiring PIN transactions must comply with the security requirements for PIN and key management as specified in the Payment Card Industry PIN Security Requirements. All Customers performing Issuer PIN processing must refer to the Issuer PIN Policy and Guidelines for all aspects of Issuer PIN management and PIN key management including PIN selection, transmission, storage, usage guidance, and PIN change. 8.4.1 PIN Verification The Issuer is permitted to use the PIN verification algorithm of its preference. Refer to “PIN Generation Verification” in the Single Message System Specifications, Chapter 6, “Encryption,” for more information about PIN verification that the Single Message System performs directly for Maestro Issuers. Refer to “PIN Verification” in the Authorization System Manual, Chapter 9, “Authorization Services Details,” for more information about the MasterCard PIN verification service, in which Single Message System performs PIN verification on behalf of MasterCard issuers, and the two PIN verification methods (IBM 3624 and ABA) supported by the PIN verification service. ©1993–2012 MasterCard. Proprietary. All rights reserved. Maestro Global Rules • 9 November 2012 8-3
Security 8.5 PIN Entry Device Issuers should refer to the Issuer PIN Security Guidelines for more information about Cardholder and Issuer PIN selection. NOTE Regional Rules on this topic appear in Chapter 17, “Europe Region,” of this rulebook. 8.4.2 Stand-In Authorization—Europe Region Only NOTE Regional Rules on this topic appear in Chapter 17, “Europe Region,” of this rulebook. 8.4.3 PIN Transmission between Customer Host Systems and the Interchange System 8.5 PIN Entry Device For detailed requirements about PIN key management and related services, including key change intervals and emergency keys, refer to the manuals listed below. These manuals are available on MasterCard Connect through the Publications product. For Transaction authorization request message routed through… Refer to… Single Message System Single Message System Specifications MasterCard Key Management Center via the On-behalf Key Management (OBKM) Interface On-behalf Key Management (OBKM) Document Set Use of a PIN is required for all Transactions to verify the Cardholder except under the circumstances outlined in Rule 6.4.3 Use of PIN or Signature of this rulebook. The first digit entered into the PIN entry device (PED) must be the high-order digit (far left). The last digit to be entered must be the low-order digit (far right). The PED must incorporate a “clear” key to enable the user to retract incorrect depressions and must have an “enter” key to indicate completion of PIN entry. Acquirers must ensure that POS Terminals: 1. contain a PED that is compliant with the Payment Card Industry PIN Security Requirements; and ©1993–2012 MasterCard. Proprietary. All rights reserved. 8-4 9 November 2012 • Maestro Global Rules
Page 1 and 2:
Maestro Global Rules 9 November 201
Page 3 and 4:
Summary of Changes This document re
Page 5 and 6:
Table of Contents Definitions .....
Page 7 and 8:
Table of Contents 3.12 Contact Info
Page 9 and 10:
Table of Contents 6.2.4 Mobile Paym
Page 11 and 12:
Table of Contents 7.8 Eligible POI
Page 13 and 14:
Table of Contents 8.6.1 Account Pro
Page 15 and 16:
Table of Contents 9.9.3 Noncomplian
Page 17 and 18:
Table of Contents 14.1 Service Prov
Page 19 and 20:
Table of Contents 7.23 ATM Access F
Page 21 and 22:
Table of Contents 2.3 Area of Use .
Page 23 and 24:
Table of Contents 7.2 Additional Ac
Page 25 and 26:
Table of Contents 9.15 Clearing and
Page 27 and 28:
Table of Contents 6.4 PIN and Signa
Page 29 and 30:
Table of Contents 6.4 PIN and Signa
Page 31 and 32:
Table of Contents 7.1.8 Card Accept
Page 33 and 34:
Table of Contents D.8.1 Corresponde
Page 35 and 36:
Activity(ies) The undertaking of an
Page 37 and 38:
Control As used herein, Control has
Page 39 and 40:
Gateway Transaction Any ATM transac
Page 41 and 42:
Maestro Word Mark The Maestro Word
Page 43 and 44:
Payment Transaction A Payment Trans
Page 45 and 46:
Settlement Obligation A financial o
Page 47 and 48:
Chapter 1 Participation This chapte
Page 49 and 50:
Participation 1.2 Eligibility to be
Page 51 and 52:
Participation 1.2 Eligibility to be
Page 53 and 54:
Participation 1.4 Interim Participa
Page 55 and 56:
Participation 1.7 Termination of Li
Page 57 and 58:
Participation 1.7 Termination of Li
Page 59 and 60:
Chapter 2 Licensing and Licensed Ac
Page 61 and 62:
Licensing and Licensed Activities 2
Page 63 and 64:
Licensing and Licensed Activities 2
Page 65 and 66:
Chapter 3 Customer Obligations This
Page 67 and 68:
3.1 Standards Customer Obligations
Page 69 and 70:
3.1.2.1.3 Category C—Efficiency a
Page 71 and 72:
3.1.2.4 Review Process Customer Obl
Page 73 and 74:
3.3 Choice of Laws Customer Obligat
Page 75 and 76:
3.7 Provision and Use of Informatio
Page 77 and 78:
3.7.3 Use of Corporation Informatio
Page 79 and 80:
3.9.2 Photographs Customer Obligati
Page 81 and 82:
3.11.2 Card Count Reporting Procedu
Page 83 and 84:
Customer Obligations 3.18 Expenses
Page 85 and 86:
3.22 Data Protection—Europe Regio
Page 87 and 88:
4.1 Right to Use the Marks Marks 4.
Page 89 and 90:
4.4 Review of Solicitations 4.5 Dis
Page 91 and 92:
4.7.1 Global Minimum Branding Requi
Page 93 and 94:
Chapter 5 Special Issuer Programs T
Page 95 and 96:
Special Issuer Programs 5.1 Special
Page 97 and 98:
Special Issuer Programs 5.2 Affinit
Page 99 and 100:
Special Issuer Programs 5.4 A/CB Ca
Page 101 and 102:
5.6.2 Categories of Prepaid Card Pr
Page 103 and 104:
Special Issuer Programs 5.6 Prepaid
Page 105 and 106:
Special Issuer Programs 5.7 Chip-on
Page 107 and 108:
Issuing 6.4.2 Use of the PIN.......
Page 109 and 110:
Issuing 6.2 Card Standards and Spec
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Issuing 6.4 PIN and Signature Requi
Page 121 and 122:
Issuing 6.5 Transmitting, Processin
Page 123 and 124:
Issuing 6.8 Mobile Remote Payment T
Page 125 and 126:
Issuing 6.9 Electronic Commerce 6.9
Page 127 and 128:
Issuing 6.11 MasterCard MoneySend P
Page 129 and 130:
Issuing 6.14 Fraud Reporting 6.13.1
Page 131 and 132:
Issuing 6.19 Recurring Payments—E
Page 133 and 134:
Acquiring 7.2 Additional Acquirer O
Page 135 and 136:
Acquiring 7.18.2.2 Disposition of C
Page 137 and 138:
Acquiring 7.1 Acquirer Obligations
Page 139 and 140:
Acquiring 7.1 Acquirer Obligations
Page 141 and 142: Acquiring 7.1 Acquirer Obligations
Page 153 and 154: Acquiring 7.2 Additional Acquirer O
Page 155 and 156: Acquiring 7.3 Additional Acquirer O
Page 157 and 158: Acquiring 7.5 Acquiring Payment Tra
Page 159 and 160: Acquiring 7.6 Acquiring MoneySend P
Page 161 and 162: Acquiring 7.7 Acquiring Mobile Remo
Page 163 and 164: Acquiring 7.9 POS Terminal and Term
Page 165 and 166: Acquiring 7.9 POS Terminal and Term
Page 167 and 168: Acquiring 7.11 Additional Requireme
Page 169 and 170: Acquiring 7.12 Additional Requireme
Page 171 and 172: Acquiring 7.14 POI Terminal Transac
Page 173 and 174: Acquiring 7.15 Requirements for Tra
Page 175 and 176: Acquiring 7.16 POS Terminal and Ter
Page 177 and 178: Acquiring 7.17 Connection to the In
Page 179 and 180: Acquiring 7.18 Card Capture NOTE 7.
Page 181 and 182: Acquiring 7.20 Merchandise Transact
Page 183 and 184: Acquiring 7.23 ATM Access Fees 7.23
Page 185 and 186: Acquiring 7.23 ATM Access Fees 1. t
Page 187 and 188: Acquiring Compliance Zones Rule Num
Page 189 and 190: Security 8.10.4 Acquirer Compliance
Page 191: Security 8.3 Customer Compliance wi
Page 195 and 196: Security 8.6 POS Terminal Communica
Page 197 and 198: Security 8.9 Account Data Compromis
Page 207 and 208: Security 8.10 Site Data Protection
Page 215 and 216: Security 8.11 Algorithms 8.11 Algor
Page 217 and 218: Chapter 9 Processing Requirements T
Page 219 and 220: Processing Requirements 9.12 Floor
Page 221 and 222: Processing Requirements 9.2 POS Tra
Page 229 and 230: Processing Requirements 9.3 Termina
Page 231 and 232: Processing Requirements 9.4 Special
Page 233 and 234: Processing Requirements 9.4 Special
Page 235 and 236: Processing Requirements 9.5 Process
Page 237 and 238: Processing Requirements 9.7 Process
Page 239 and 240: Processing Requirements 9.8 Authori
Page 241 and 242: Processing Requirements 9.8 Authori
Page 243 and 244:
Processing Requirements 9.9 Perform
Page 245 and 246:
Processing Requirements 9.12 Floor
Page 247 and 248:
Processing Requirements 9.13 Ceilin
Page 249 and 250:
Page 251 and 252:
Page 253 and 254:
Page 255 and 256:
Page 257 and 258:
Processing Requirements 9.15 Cleari
Page 259 and 260:
10.1 Definitions 10.2 Settlement Se
Page 261 and 262:
Settlement and Reconciliation 10.4
Page 263 and 264:
Settlement and Reconciliation 10.7
Page 265 and 266:
10.8.2 Intraregional Fees Settlemen
Page 267 and 268:
The Customer must: Settlement and R
Page 269 and 270:
Content Relocated to Chargeback Gui
Page 271 and 272:
Content Relocated to Chargeback Gui
Page 273 and 274:
Liabilities and Indemnification 13.
Page 275 and 276:
13.6 Proprietary Card Mark Liabilit
Page 277 and 278:
Page 279 and 280:
Page 281 and 282:
Chapter 14 Service Providers This c
Page 283 and 284:
14.1 Service Provider Categories Se
Page 285 and 286:
14.1.1 Independent Sales Organizati
Page 287 and 288:
Service Providers 14.3 General Obli
Page 289 and 290:
Service Providers 14.3 General Obli
Page 291 and 292:
14.3.10 Fees Service Providers 14.3
Page 293 and 294:
14.3.15 No Endorsement of the Corpo
Page 295 and 296:
14.4.3 Access to Documentation Serv
Page 297 and 298:
Service Providers 14.6 Service Prov
Page 299 and 300:
Service Providers 14.8 Confidential
Page 301 and 302:
Chapter 15 Asia/Pacific Region This
Page 303 and 304:
Overview Definitions Asia/Pacific R
Page 305 and 306:
1.7 Termination of License Asia/Pac
Page 307 and 308:
6.13 Issuer Responsibilities to Car
Page 309 and 310:
Asia/Pacific Region 7.18 Card Captu
Page 311 and 312:
Asia/Pacific Region 7.23 ATM Access
Page 313 and 314:
Asia/Pacific Region 9.2 POS Transac
Page 315 and 316:
Technical Specifications Compliance
Page 317 and 318:
Canada Region 9.3.1 Issuer Requirem
Page 319 and 320:
Canada Region 6.17 Additional Rules
Page 321 and 322:
Canada Region 7.17 Connection to th
Page 323 and 324:
Canada Region 7.23 ATM Access Fees
Page 325 and 326:
Canada Region 9.8 Authorizations 9.
Page 327 and 328:
Canada Region Section 16a—Canada
Page 329 and 330:
Canada Region 7.1 Acquirer Obligati
Page 331 and 332:
Chapter 17 Europe Region This chapt
Page 333 and 334:
Europe Region 6.4.2.1 Chip Cards...
Page 335 and 336:
Europe Region 8.4 PIN and Key Manag
Page 337 and 338:
Europe Region Technical Specificati
Page 339 and 340:
Overview Definitions Europe Region
Page 341 and 342:
Europe Region 1.1 Types of Customer
Page 343 and 344:
2.3 Area of Use Europe Region 2.3 A
Page 345 and 346:
Europe Region 2.3 Area of Use In al
Page 347 and 348:
The intra-European Maestro Rules, i
Page 349 and 350:
3.4 Examination and Audits The foll
Page 351 and 352:
3.22 Data Protection Europe Region
Page 353 and 354:
Europe Region 4.2 Protection and Re
Page 355 and 356:
Europe Region 5.1 Special Issuer Pr
Page 357 and 358:
6.1 Eligibility Europe Region 6.1 E
Page 359 and 360:
6.2.2 Embossing and Engraving Stand
Page 361 and 362:
6.9 Electronic Commerce Europe Regi
Page 363 and 364:
Croatia Malta Turkey Cyprus Moldova
Page 365 and 366:
6.14 Fraud Reporting Europe Region
Page 367 and 368:
Europe Region 6.19 Recurring Paymen
Page 369 and 370:
7.1.5 Acquiring Transactions Europe
Page 371 and 372:
Europe Region 7.3 Additional Acquir
Page 373 and 374:
7.9.2 Manual Key-entry of PAN Europ
Page 375 and 376:
Europe Region 7.12 Additional Requi
Page 377 and 378:
Europe Region 7.13 Additional Requi
Page 379 and 380:
Europe Region 7.15 Requirements for
Page 381 and 382:
7.15.6 PAN Truncation Requirements
Page 383 and 384:
7.23.1.1 Transaction Field Specific
Page 385 and 386:
Europe Region 7.27 Identification o
Page 387 and 388:
Europe Region 8.13 Signature-based
Page 389 and 390:
Bosnia and Herzegovina Kosovo Slova
Page 391 and 392:
Europe Region 9.2 POS Transaction T
Page 393 and 394:
9.2.2.2 Optional Online POS Transac
Page 395 and 396:
Europe Region 9.2 POS Transaction T
Page 397 and 398:
9.3.2 Acquirer Requirements Europe
Page 399 and 400:
Europe Region 9.4 Special Transacti
Page 401 and 402:
Page 403 and 404:
9.4.7.4 CVC 2/AVS Checks Europe Reg
Page 405 and 406:
Country Code Country Country Code C
Page 407 and 408:
9.8.7 Authorization Response Time 9
Page 409 and 410:
Europe Region 9.9 Performance Stand
Page 411 and 412:
10.2.2 Assessment for Late Settleme
Page 413 and 414:
Europe Region 10.11 Customer Insolv
Page 415 and 416:
13.13 Additional Liabilities 13.13.
Page 417 and 418:
Europe Region Compliance Zones Rule
Page 419 and 420:
Definitions Europe Region Definitio
Page 421 and 422:
7.9 POS Terminal and Terminal Requi
Page 423 and 424:
9.4 Special Transaction Types Europ
Page 425 and 426:
9.4.9 Internet Stored Value Wallets
Page 427 and 428:
Page 429 and 430:
Europe Region 3.6 Non-discriminatio
Page 431 and 432:
Europe Region 6.4 PIN and Signature
Page 433 and 434:
Chapter 18 Latin America and the Ca
Page 435 and 436:
Overview Definitions Latin America
Page 437 and 438:
4.5 Display on Cards Latin America
Page 439 and 440:
6.4.2 Use of the PIN Latin America
Page 441 and 442:
Latin America and the Caribbean Reg
Page 443 and 444:
Page 445 and 446:
9.2.2 Acquirer Online POS Transacti
Page 447 and 448:
Page 449 and 450:
Chapter 19 South Asia/Middle East/A
Page 451 and 452:
South Asia/Middle East/Africa Regio
Page 453 and 454:
South Asia/Middle East/Africa Regio
Page 455 and 456:
Chapter 20 United States Region Thi
Page 457 and 458:
United States Region 7.25.7 Deposit
Page 459 and 460:
United States Region 3.15 Integrity
Page 461 and 462:
United States Region 6.2 Card Stand
Page 463 and 464:
United States Region 6.10 Selective
Page 465 and 466:
United States Region 6.17 Additiona
Page 467 and 468:
United States Region 7.4 Acquiring
Page 469 and 470:
United States Region 7.4 Acquiring
Page 471 and 472:
United States Region 7.10 Hybrid PO
Page 473 and 474:
United States Region 7.17 Connectio
Page 475 and 476:
United States Region 7.23 ATM Acces
Page 477 and 478:
United States Region 7.25 Shared De
Page 479 and 480:
United States Region 7.25 Shared De
Page 481 and 482:
United States Region 9.2 POS Transa
Page 483 and 484:
United States Region 9.2 POS Transa
Page 485 and 486:
United States Region 9.8 Authorizat
Page 487 and 488:
United States Region 10.2 Settlemen
Page 489 and 490:
United States Region Compliance Zon
Page 491 and 492:
Overview Maestro PayPass Overview S
Page 493 and 494:
7.1 Acquirer Obligations and Activi
Page 495 and 496:
7.15 Requirements for Transaction R
Page 497 and 498:
A.1 Asia/Pacific Region Geographica
Page 499 and 500:
• Cyprus • Czech Republic • D
Page 501 and 502:
• Estonia • Finland • France
Page 503 and 504:
• Puerto Rico • St. Kitts-Nevis
Page 505 and 506:
• Qatar • Reunion • Rwanda
Page 507 and 508:
Maestro Merchant Operating Guidelin
Page 509 and 510:
Maestro Merchant Operating Guidelin
Page 511 and 512:
Signage, Screen, and Receipt Text D
Page 513 and 514:
Page 515 and 516:
Page 517 and 518:
Page 519 and 520:
Page 521 and 522:
Page 523 and 524:
Page 525 and 526:
Page 527 and 528:
Page 529 and 530:
Page 531 and 532:
Page 533 and 534:
Page 535 and 536:
Page 537 and 538:
Page 539 and 540:
Page 541 and 542:
Page 543 and 544:
Page 545 and 546:
Page 547 and 548:
Page 549 and 550:
Page 551 and 552:
Page 553 and 554:
Page 555 and 556:
Page 557 and 558:
Page 559 and 560:
Glossary Glossary Glossary This sec
Page 561 and 562:
usiness day Glossary Glossary A “
Page 563 and 564:
data encryption standard (DES) Glos
Page 565 and 566:
global bank holding company Glossar
Page 567 and 568:
offline Glossary Glossary An operat
Page 569 and 570:
PIN verification Glossary Glossary
Page 571 and 572:
scrip Glossary Glossary A printed r
Page 573 and 574:
terminal response time Glossary Glo
show all

Maestro Global Rules (PDF) - MasterCard

Create successful ePaper yourself

Delete template?

Save as template?