MasterCard Terminal Identifier Requirement
What is the new requirement from MasterCard?
POS systems, like NCR Counterpoint, that support credit card-present transactions across multiple POS terminals in a location have to send a unique identifier from the workstation/terminal where the POS credit card transaction took place.
When does a merchant need to meet the new requirement?
MasterCard has not released an enforcement date. Based on information from other sources, we expect enforcement to start at the end of 2014.
When will NCR Counterpoint POS versions be available that support the new requirement?
V7 and Counterpoint “SQL” will be updated by July 31, 2013.
What does a merchant need to do to ensure that their NCR Counterpoint system meets the new requirement?
Ensure that their processor supports the new requirement. Ensure that their POS is upgraded to a version that supports the new requirement when it is available.
What is the status of NCR’s development efforts as of July 1, 2013?
Since our last communication, we’ve completed the following development activities:
- Changed V7 to support the MasterCard Terminal requirement for CPGateway. This will be available in a V7 service pack to be delivered before the end of July.
- Changed NCR Counterpoint to support the MasterCard Terminal requirement for CPGateway and NCR Secure Pay. This will be available in NCR Counterpoint service pack 126.96.36.199 and later. 188.8.131.52 is anticipated to be released by the end of July.
- Changed CPGateway’s interface to Chase Paymentech to support the MasterCard Terminal requirement. This change is in testing and will be promoted to production soon. It will require the later version of either V7 or NCR Counterpoint due this month to take advantage of the change, but it is backward compatible, meaning that it will not negatively impact previous versions of V7 or NCR Counterpoint.
At this point, NCR is dependent on processor support for the new requirement, and we are staying abreast of processor efforts to do so. When our versions of V7 and NCR Counterpoint are released later in July, we will send an update to our merchant and partner community.
When can merchants and partners expect to hear from the NCR Counterpoint again on this topic?
The NCR Counterpoint team will provide a written update to the merchant and partner community closer to the release dates for V7 and NCR Counterpoint in July.
The NCR Counterpoint team has become aware of a new fraud prevention requirement instituted by MasterCard. In essence, POS systems, like NCR Counterpoint, that support credit card-present transactions across multiple POS terminals in a location have to send a unique identifier from the workstation/terminal where the POS credit card transaction took place. In the event of a breach, this will allow quicker understanding of whether there is a location-wide problem, or it is relegated to one or more POS terminals.
Last week, NCR’s Counterpoint team became aware of a stated deadline of Friday, April 19, 2013, after merchants who process with Chase Paymentech received an email from the processor explaining the new requirement and how merchants can extend the deadline for compliance with the new requirement.
This is not a PCI mandate or requirement, but rather, a MasterCard card association requirement. While it will not impact a merchant’s PCI compliance, it is a requirement that, if unmet and unplanned for, could ultimately result in warnings and fines directly from MasterCard. Not all processors or POS providers support the requirement as of today, so it is, in some cases, not possible for a merchant to adhere to the new requirement yet. As such, it is unlikely that MasterCard will attempt to enforce the new requirement within the next year. In fact, Chase Paymentech has indicated an adherence deadline of December 2014 for their merchants. We are actively pursuing guidance from other processors and MasterCard regarding an enforcement date.
Currently, no released version of Counterpoint (version 7 or NCR Counterpoint ‘SQL’), supports the MasterCard Terminal Identification requirement Counterpoint’s Product Development team is currently preparing plans to support the requirement for each processor with which we integrate for NCR Counterpoint Gateway and NCR Secure Pay. Compliance will require an update to the POS, whether NCR Counterpoint or V7. The compliant version of NCR Counterpoint will be the 184.108.40.206 Service Pack and later.
We expect to complete the change to NCR Counterpoint and V7, test, and release POS versions compliant with this requirement no later than July 31, 2013.
Individual processor timelines for meeting the requirement will vary, so while the NCR Counterpoint POS versions will be compliant by that date, processor support may follow that date. NCR Counterpoint Gateway and NCR Secure Pay interfaces to processors will be updated as processors make the changes to specifications if they have not yet. At that point, the merchant will have to upgrade to a compliant POS version to take advantage of the capabilities.
If any NCR Counterpoint merchant is asked to provide information about a remediation plan, either to a processor or to MasterCard directly, July 31, 2013, is the date of compliant POS software availability, with processor compliance dates varying. A merchant will need to work with their NCR Counterpoint reseller partner to develop an upgrade plan to get to the new compliant POS software version.
Look for an update from the NCR Counterpoint team by July 1, 2013 on our progress with NCR Counterpoint, a list of processors and their compliance status, and any updates regarding MasterCard’s enforcement dates.