Visa and MasterCard’s July 1st deadline for implementing credit card number truncation is only two weeks away. On this date all credit card terminals must be compliant or risk fines starting at $5,000 per violation.
The first phase of this new security initiative was implemented on July 1st, 2003 and required all new terminals to be programmed to use credit card truncation. Existing merchants were unaffected. However, all existing merchants must be compliant as of July 1st of this year. If you are an existing merchant and have not been contacted by your processing bank to have your credit card terminal reprogrammed for credit card truncation, you should contact them immediately and request this to be done. This is important not only because of the potential fines you face if you are not compliant, but you may own a piece of equipment that is not capable of credit card truncation. If this is the case, you will need to account for the time it takes to acquire one and have it programmed. Known terminals that are not credit card truncation compliant include the popular Hypercom T7P with 256K of memory.
Credit card truncation is the removal of the first twelve digits of a consumer’s credit card number from a consumer’s transaction receipt leaving only the last four digits intact. Typically the first twelve numbers of the consumer’s credit card number is replaced with twelve X’s (Example: XXXX-XXXX-XXXX-1234). The purpose of credit card truncation is to prevent fraudsters from being able to use stolen receipts to make fraudulent purchases. Combined with the removal of expiration dates from consumer receipts implemented a few years this should reduce the opportunity for credit card fraud.
It should be noted that credit card truncation only applies to the consumer copy of the transaction receipt. The merchant’s copy can still have the full credit card number present and un-truncated. Also, many states have enacted laws requiring credit card truncation. Besides the fines imposed by Visa and MasterCard you may also face legal action from your state if you fail to comply.