Maestro Global Rules (PDF) - MasterCard

More documents

Recommendations

Info

8.7 Component Authentication Security 8.7 Component Authentication All components actively participating in the system must authenticate each other by means of cryptographic procedures; either explicitly by a specific authentication protocol or implicitly by correct execution of a cryptographic service providing the possession of secret information, for example, the shared key or the log on ID. A component actively participates in the Corporation if, due to its position in the Corporation, it can evaluate, modify or process security-related information. 8.8 Triple DES Standards Cardholder PINs must be protected between the Point-of-Interaction and the Issuer host system during online PIN-based Transactions as follows: 1. All PIN POS Terminals must be Triple DES, double key length (hereafter referred to as “Triple DES”) capable and deployed in compliance with the requirements set forth in Rule 8.5 of this rulebook. It is strongly recommended that all POS Terminals be “Triple Des” compliant. 2. All ATMs must be “Triple DES” compliant and deployed in compliance with the requirements set forth in Rule 8.5 of this rulebook. 3. All Customer and processor host systems must support “Triple DES.” 4. All Transactions routed to the Interchange System must be “Triple DES.” 8.9 Account Data Compromise Events Definitions As used in this Rule 8.9, the following terms shall have the meaning set forth below: Account Data Compromise Event or ADC Event—an occurrence that results, directly or indirectly, in the unauthorized access to or disclosure of Account data. Agent—any entity that stores, processes or has access to Account data by virtue of its contractual or other relationship, direct or indirect, with a Customer. For the avoidance of doubt, Agents include, but are not limited to, Merchants, TPPs and DSEs (regardless of whether the TPP or DSE is registered with the Corporation). Customer—this term appears in the Definitions chapter of this manual. For the avoidance of doubt, for purposes of this Rule 8.9, any entity that the Corporation licenses to issue a Card(s) and/or to acquire a Transaction(s) shall be deemed to be a Customer. ©1993–2012 MasterCard. Proprietary. All rights reserved. Maestro Global Rules • 9 November 2012 8-7
Security 8.9 Account Data Compromise Events Potential Account Data Compromise Event or Potential ADC Event—an occurrence that could result, directly or indirectly, in the unauthorized access to or disclosure of Account data. 8.9.1 Policy Concerning Account Data Compromise Events and Potential Account Data Compromise Events The Corporation operates a payment solutions system for all of its Customers. Each Customer benefits from, and depends upon, the integrity of that system. ADC Events and Potential ADC Events threaten the integrity of the Corporation system and undermine the confidence of Merchants, Customers, Cardholders and the public at large in the security and viability of the system. Each Customer therefore acknowledges that the Corporation has a compelling interest in adopting, interpreting and enforcing its Standards to protect against and respond to ADC Events and Potential ADC Events. Given the abundance and sophistication of criminals, ADC Events and Potential ADC Events are risks inherent in operating and participating in any system that utilizes payment card account data for financial or non-financial transactions. The Standards are designed to place responsibility for ADC Events and Potential ADC Events on the Customer that is in the best position to guard against and respond to such risk. That Customer is generally the Customer whose network, system or environment was compromised or was vulnerable to compromise or that has a direct or indirect relationship with an Agent whose network, system or environment was compromised or was vulnerable to compromise. In the view of the Corporation, that Customer is in the best position to safeguard its systems, to require and monitor the safeguarding of its Agents’ systems and to insure against, and respond to, ADC Events and Potential ADC Events. The Corporation requires that each Customer apply the utmost diligence and forthrightness in protecting against and responding to any ADC Event or Potential ADC Event. Each Customer acknowledges and agrees that the Corporation has both the right and need to obtain full disclosure (as determined by the Corporation) concerning the causes and effect of an ADC Event or Potential ADC Event as well as the authority to impose assessments, recover costs, and administer compensation, if appropriate, to Customers that have incurred costs, expenses, losses and/or other liabilities in connection with ADC Events and Potential ADC Events. Except as otherwise expressly provided for in the Standards, the Corporation determinations with respect to the occurrence of and responsibility for ADC Events or Potential ADC Events are conclusive and are not subject to appeal or review within the Corporation. Any Customer that is uncertain with respect to rights and obligations relating to or arising in connection with the Account Data Protection Standards and Programs set forth in this Chapter 8 should request advice from MasterCard Fraud Investigations. ©1993–2012 MasterCard. Proprietary. All rights reserved. 8-8 9 November 2012 • Maestro Global Rules
Page 1 and 2:
Maestro Global Rules 9 November 201
Page 3 and 4:
Summary of Changes This document re
Page 5 and 6:
Table of Contents Definitions .....
Page 7 and 8:
Table of Contents 3.12 Contact Info
Page 9 and 10:
Table of Contents 6.2.4 Mobile Paym
Page 11 and 12:
Table of Contents 7.8 Eligible POI
Page 13 and 14:
Table of Contents 8.6.1 Account Pro
Page 15 and 16:
Table of Contents 9.9.3 Noncomplian
Page 17 and 18:
Table of Contents 14.1 Service Prov
Page 19 and 20:
Table of Contents 7.23 ATM Access F
Page 21 and 22:
Table of Contents 2.3 Area of Use .
Page 23 and 24:
Table of Contents 7.2 Additional Ac
Page 25 and 26:
Table of Contents 9.15 Clearing and
Page 27 and 28:
Table of Contents 6.4 PIN and Signa
Page 29 and 30:
Table of Contents 6.4 PIN and Signa
Page 31 and 32:
Table of Contents 7.1.8 Card Accept
Page 33 and 34:
Table of Contents D.8.1 Corresponde
Page 35 and 36:
Activity(ies) The undertaking of an
Page 37 and 38:
Control As used herein, Control has
Page 39 and 40:
Gateway Transaction Any ATM transac
Page 41 and 42:
Maestro Word Mark The Maestro Word
Page 43 and 44:
Payment Transaction A Payment Trans
Page 45 and 46:
Settlement Obligation A financial o
Page 47 and 48:
Chapter 1 Participation This chapte
Page 49 and 50:
Participation 1.2 Eligibility to be
Page 51 and 52:
Participation 1.2 Eligibility to be
Page 53 and 54:
Participation 1.4 Interim Participa
Page 55 and 56:
Participation 1.7 Termination of Li
Page 57 and 58:
Participation 1.7 Termination of Li
Page 59 and 60:
Chapter 2 Licensing and Licensed Ac
Page 61 and 62:
Licensing and Licensed Activities 2
Page 63 and 64:
Licensing and Licensed Activities 2
Page 65 and 66:
Chapter 3 Customer Obligations This
Page 67 and 68:
3.1 Standards Customer Obligations
Page 69 and 70:
3.1.2.1.3 Category C—Efficiency a
Page 71 and 72:
3.1.2.4 Review Process Customer Obl
Page 73 and 74:
3.3 Choice of Laws Customer Obligat
Page 75 and 76:
3.7 Provision and Use of Informatio
Page 77 and 78:
3.7.3 Use of Corporation Informatio
Page 79 and 80:
3.9.2 Photographs Customer Obligati
Page 81 and 82:
3.11.2 Card Count Reporting Procedu
Page 83 and 84:
Customer Obligations 3.18 Expenses
Page 85 and 86:
3.22 Data Protection—Europe Regio
Page 87 and 88:
4.1 Right to Use the Marks Marks 4.
Page 89 and 90:
4.4 Review of Solicitations 4.5 Dis
Page 91 and 92:
4.7.1 Global Minimum Branding Requi
Page 93 and 94:
Chapter 5 Special Issuer Programs T
Page 95 and 96:
Special Issuer Programs 5.1 Special
Page 97 and 98:
Special Issuer Programs 5.2 Affinit
Page 99 and 100:
Special Issuer Programs 5.4 A/CB Ca
Page 101 and 102:
5.6.2 Categories of Prepaid Card Pr
Page 103 and 104:
Special Issuer Programs 5.6 Prepaid
Page 105 and 106:
Special Issuer Programs 5.7 Chip-on
Page 107 and 108:
Issuing 6.4.2 Use of the PIN.......
Page 109 and 110:
Issuing 6.2 Card Standards and Spec
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Issuing 6.4 PIN and Signature Requi
Page 121 and 122:
Issuing 6.5 Transmitting, Processin
Page 123 and 124:
Issuing 6.8 Mobile Remote Payment T
Page 125 and 126:
Issuing 6.9 Electronic Commerce 6.9
Page 127 and 128:
Issuing 6.11 MasterCard MoneySend P
Page 129 and 130:
Issuing 6.14 Fraud Reporting 6.13.1
Page 131 and 132:
Issuing 6.19 Recurring Payments—E
Page 133 and 134:
Acquiring 7.2 Additional Acquirer O
Page 135 and 136:
Acquiring 7.18.2.2 Disposition of C
Page 137 and 138:
Acquiring 7.1 Acquirer Obligations
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146: Acquiring 7.1 Acquirer Obligations
Page 153 and 154: Acquiring 7.2 Additional Acquirer O
Page 155 and 156: Acquiring 7.3 Additional Acquirer O
Page 157 and 158: Acquiring 7.5 Acquiring Payment Tra
Page 159 and 160: Acquiring 7.6 Acquiring MoneySend P
Page 161 and 162: Acquiring 7.7 Acquiring Mobile Remo
Page 163 and 164: Acquiring 7.9 POS Terminal and Term
Page 165 and 166: Acquiring 7.9 POS Terminal and Term
Page 167 and 168: Acquiring 7.11 Additional Requireme
Page 169 and 170: Acquiring 7.12 Additional Requireme
Page 171 and 172: Acquiring 7.14 POI Terminal Transac
Page 173 and 174: Acquiring 7.15 Requirements for Tra
Page 175 and 176: Acquiring 7.16 POS Terminal and Ter
Page 177 and 178: Acquiring 7.17 Connection to the In
Page 179 and 180: Acquiring 7.18 Card Capture NOTE 7.
Page 181 and 182: Acquiring 7.20 Merchandise Transact
Page 183 and 184: Acquiring 7.23 ATM Access Fees 7.23
Page 185 and 186: Acquiring 7.23 ATM Access Fees 1. t
Page 187 and 188: Acquiring Compliance Zones Rule Num
Page 189 and 190: Security 8.10.4 Acquirer Compliance
Page 191 and 192: Security 8.3 Customer Compliance wi
Page 193 and 194: Security 8.5 PIN Entry Device Issue
Page 195: Security 8.6 POS Terminal Communica
Page 199 and 200: Security 8.9 Account Data Compromis
Page 207 and 208: Security 8.10 Site Data Protection
Page 215 and 216: Security 8.11 Algorithms 8.11 Algor
Page 217 and 218: Chapter 9 Processing Requirements T
Page 219 and 220: Processing Requirements 9.12 Floor
Page 221 and 222: Processing Requirements 9.2 POS Tra
Page 229 and 230: Processing Requirements 9.3 Termina
Page 231 and 232: Processing Requirements 9.4 Special
Page 233 and 234: Processing Requirements 9.4 Special
Page 235 and 236: Processing Requirements 9.5 Process
Page 237 and 238: Processing Requirements 9.7 Process
Page 239 and 240: Processing Requirements 9.8 Authori
Page 241 and 242: Processing Requirements 9.8 Authori
Page 243 and 244: Processing Requirements 9.9 Perform
Page 245 and 246: Processing Requirements 9.12 Floor
Page 247 and 248:
Processing Requirements 9.13 Ceilin
Page 249 and 250:
Page 251 and 252:
Page 253 and 254:
Page 255 and 256:
Page 257 and 258:
Processing Requirements 9.15 Cleari
Page 259 and 260:
10.1 Definitions 10.2 Settlement Se
Page 261 and 262:
Settlement and Reconciliation 10.4
Page 263 and 264:
Settlement and Reconciliation 10.7
Page 265 and 266:
10.8.2 Intraregional Fees Settlemen
Page 267 and 268:
The Customer must: Settlement and R
Page 269 and 270:
Content Relocated to Chargeback Gui
Page 271 and 272:
Content Relocated to Chargeback Gui
Page 273 and 274:
Liabilities and Indemnification 13.
Page 275 and 276:
13.6 Proprietary Card Mark Liabilit
Page 277 and 278:
Page 279 and 280:
Page 281 and 282:
Chapter 14 Service Providers This c
Page 283 and 284:
14.1 Service Provider Categories Se
Page 285 and 286:
14.1.1 Independent Sales Organizati
Page 287 and 288:
Service Providers 14.3 General Obli
Page 289 and 290:
Service Providers 14.3 General Obli
Page 291 and 292:
14.3.10 Fees Service Providers 14.3
Page 293 and 294:
14.3.15 No Endorsement of the Corpo
Page 295 and 296:
14.4.3 Access to Documentation Serv
Page 297 and 298:
Service Providers 14.6 Service Prov
Page 299 and 300:
Service Providers 14.8 Confidential
Page 301 and 302:
Chapter 15 Asia/Pacific Region This
Page 303 and 304:
Overview Definitions Asia/Pacific R
Page 305 and 306:
1.7 Termination of License Asia/Pac
Page 307 and 308:
6.13 Issuer Responsibilities to Car
Page 309 and 310:
Asia/Pacific Region 7.18 Card Captu
Page 311 and 312:
Asia/Pacific Region 7.23 ATM Access
Page 313 and 314:
Asia/Pacific Region 9.2 POS Transac
Page 315 and 316:
Technical Specifications Compliance
Page 317 and 318:
Canada Region 9.3.1 Issuer Requirem
Page 319 and 320:
Canada Region 6.17 Additional Rules
Page 321 and 322:
Canada Region 7.17 Connection to th
Page 323 and 324:
Canada Region 7.23 ATM Access Fees
Page 325 and 326:
Canada Region 9.8 Authorizations 9.
Page 327 and 328:
Canada Region Section 16a—Canada
Page 329 and 330:
Canada Region 7.1 Acquirer Obligati
Page 331 and 332:
Chapter 17 Europe Region This chapt
Page 333 and 334:
Europe Region 6.4.2.1 Chip Cards...
Page 335 and 336:
Europe Region 8.4 PIN and Key Manag
Page 337 and 338:
Europe Region Technical Specificati
Page 339 and 340:
Overview Definitions Europe Region
Page 341 and 342:
Europe Region 1.1 Types of Customer
Page 343 and 344:
2.3 Area of Use Europe Region 2.3 A
Page 345 and 346:
Europe Region 2.3 Area of Use In al
Page 347 and 348:
The intra-European Maestro Rules, i
Page 349 and 350:
3.4 Examination and Audits The foll
Page 351 and 352:
3.22 Data Protection Europe Region
Page 353 and 354:
Europe Region 4.2 Protection and Re
Page 355 and 356:
Europe Region 5.1 Special Issuer Pr
Page 357 and 358:
6.1 Eligibility Europe Region 6.1 E
Page 359 and 360:
6.2.2 Embossing and Engraving Stand
Page 361 and 362:
6.9 Electronic Commerce Europe Regi
Page 363 and 364:
Croatia Malta Turkey Cyprus Moldova
Page 365 and 366:
6.14 Fraud Reporting Europe Region
Page 367 and 368:
Europe Region 6.19 Recurring Paymen
Page 369 and 370:
7.1.5 Acquiring Transactions Europe
Page 371 and 372:
Europe Region 7.3 Additional Acquir
Page 373 and 374:
7.9.2 Manual Key-entry of PAN Europ
Page 375 and 376:
Europe Region 7.12 Additional Requi
Page 377 and 378:
Europe Region 7.13 Additional Requi
Page 379 and 380:
Europe Region 7.15 Requirements for
Page 381 and 382:
7.15.6 PAN Truncation Requirements
Page 383 and 384:
7.23.1.1 Transaction Field Specific
Page 385 and 386:
Europe Region 7.27 Identification o
Page 387 and 388:
Europe Region 8.13 Signature-based
Page 389 and 390:
Bosnia and Herzegovina Kosovo Slova
Page 391 and 392:
Europe Region 9.2 POS Transaction T
Page 393 and 394:
9.2.2.2 Optional Online POS Transac
Page 395 and 396:
Europe Region 9.2 POS Transaction T
Page 397 and 398:
9.3.2 Acquirer Requirements Europe
Page 399 and 400:
Europe Region 9.4 Special Transacti
Page 401 and 402:
Page 403 and 404:
9.4.7.4 CVC 2/AVS Checks Europe Reg
Page 405 and 406:
Country Code Country Country Code C
Page 407 and 408:
9.8.7 Authorization Response Time 9
Page 409 and 410:
Europe Region 9.9 Performance Stand
Page 411 and 412:
10.2.2 Assessment for Late Settleme
Page 413 and 414:
Europe Region 10.11 Customer Insolv
Page 415 and 416:
13.13 Additional Liabilities 13.13.
Page 417 and 418:
Europe Region Compliance Zones Rule
Page 419 and 420:
Definitions Europe Region Definitio
Page 421 and 422:
7.9 POS Terminal and Terminal Requi
Page 423 and 424:
9.4 Special Transaction Types Europ
Page 425 and 426:
9.4.9 Internet Stored Value Wallets
Page 427 and 428:
Page 429 and 430:
Europe Region 3.6 Non-discriminatio
Page 431 and 432:
Europe Region 6.4 PIN and Signature
Page 433 and 434:
Chapter 18 Latin America and the Ca
Page 435 and 436:
Overview Definitions Latin America
Page 437 and 438:
4.5 Display on Cards Latin America
Page 439 and 440:
6.4.2 Use of the PIN Latin America
Page 441 and 442:
Latin America and the Caribbean Reg
Page 443 and 444:
Page 445 and 446:
9.2.2 Acquirer Online POS Transacti
Page 447 and 448:
Page 449 and 450:
Chapter 19 South Asia/Middle East/A
Page 451 and 452:
South Asia/Middle East/Africa Regio
Page 453 and 454:
South Asia/Middle East/Africa Regio
Page 455 and 456:
Chapter 20 United States Region Thi
Page 457 and 458:
United States Region 7.25.7 Deposit
Page 459 and 460:
United States Region 3.15 Integrity
Page 461 and 462:
United States Region 6.2 Card Stand
Page 463 and 464:
United States Region 6.10 Selective
Page 465 and 466:
United States Region 6.17 Additiona
Page 467 and 468:
United States Region 7.4 Acquiring
Page 469 and 470:
United States Region 7.4 Acquiring
Page 471 and 472:
United States Region 7.10 Hybrid PO
Page 473 and 474:
United States Region 7.17 Connectio
Page 475 and 476:
United States Region 7.23 ATM Acces
Page 477 and 478:
United States Region 7.25 Shared De
Page 479 and 480:
United States Region 7.25 Shared De
Page 481 and 482:
United States Region 9.2 POS Transa
Page 483 and 484:
United States Region 9.2 POS Transa
Page 485 and 486:
United States Region 9.8 Authorizat
Page 487 and 488:
United States Region 10.2 Settlemen
Page 489 and 490:
United States Region Compliance Zon
Page 491 and 492:
Overview Maestro PayPass Overview S
Page 493 and 494:
7.1 Acquirer Obligations and Activi
Page 495 and 496:
7.15 Requirements for Transaction R
Page 497 and 498:
A.1 Asia/Pacific Region Geographica
Page 499 and 500:
• Cyprus • Czech Republic • D
Page 501 and 502:
• Estonia • Finland • France
Page 503 and 504:
• Puerto Rico • St. Kitts-Nevis
Page 505 and 506:
• Qatar • Reunion • Rwanda
Page 507 and 508:
Maestro Merchant Operating Guidelin
Page 509 and 510:
Maestro Merchant Operating Guidelin
Page 511 and 512:
Signage, Screen, and Receipt Text D
Page 513 and 514:
Page 515 and 516:
Page 517 and 518:
Page 519 and 520:
Page 521 and 522:
Page 523 and 524:
Page 525 and 526:
Page 527 and 528:
Page 529 and 530:
Page 531 and 532:
Page 533 and 534:
Page 535 and 536:
Page 537 and 538:
Page 539 and 540:
Page 541 and 542:
Page 543 and 544:
Page 545 and 546:
Page 547 and 548:
Page 549 and 550:
Page 551 and 552:
Page 553 and 554:
Page 555 and 556:
Page 557 and 558:
Page 559 and 560:
Glossary Glossary Glossary This sec
Page 561 and 562:
usiness day Glossary Glossary A “
Page 563 and 564:
data encryption standard (DES) Glos
Page 565 and 566:
global bank holding company Glossar
Page 567 and 568:
offline Glossary Glossary An operat
Page 569 and 570:
PIN verification Glossary Glossary
Page 571 and 572:
scrip Glossary Glossary A printed r
Page 573 and 574:
terminal response time Glossary Glo
show all

Maestro Global Rules (PDF) - MasterCard

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?