Payment Card Policies
- Credit Card Policy
- Cardholder Merchant Agreement & Request Form
- Annual Policy Acknowledgment Form
- PCI 3rd Party Service Provider Checklist
- PCI Agreement with Service Providers
- PCI Definitions, Links, and Contacts
Merchant Policies Templates (VERSION 4.0)
ALL merchants must select the correct template, update the template, save, and include with their merchant manual.
Merchant Specific Policies & Procedures Template | Description | Operational Policies & Procedures Template | Description |
Category 1 | All credit card processing is outsourced (SAQ A). | Category 1 | All credit card processing is outsourced (SAQ A). |
Category 2 | Merchant only processes payments using a dial up (copper phone line or cellular) terminal (SAQ B). | Category 2 | Merchant only processes payments using a dial up (copper phone line or cellular) terminal (SAQ B). |
Category 2 and 1 | Merchant Business Unit processes payments by dial up or cellular terminal and accepts payments by outsourced e-commerce website (SAQ A & SAQ B). | Category 2 and 1 | Merchant Business Unit processes payments by dial up or cellular terminal and accepts payments by outsourced e-commerce website (SAQ A & SAQ B). |
Category 3 and 1 | "Ticketmaster Lane 3000" + Ticketmaster e-commerce (SAQ A & SAQ B-IP) | Category 3 and 1 | "Ticketmaster Lane 3000" + Ticketmaster e-commerce (SAQ A & SAQ B-IP) |
Category 3, 2 and 1 | "Ticketmaster Lane 3000," Vx520 and/or cellular terminal, and Ticketmaster e-commerce (SAQ A, SAQ B, & SAQ B-IP) | Category 3, 2, and 1 | "Ticketmaster Lane 3000," Vx520 and/or cellular terminal, and Ticketmaster e-commerce (SAQ A, SAQ B, & SAQ B-IP) |
Category P2PE | Merchant only processes payments using a validated P2PE solution or is using an E2EE solution that was audited by our QSA and scope reduction was granted by our acquiring bank (SAQ P2PE-HW). | Category P2PE | Merchant only processes payments using a validated P2PE solution or is using an E2EE solution that was audited by our QSA and scope reduction was granted by our acquiring bank (SAQ P2PE-HW). |
Category P2PE and 1 | Merchant Business Unit processes payments using validated P2PE solution and is also processing payments by outsourced e-commerce website (SAQ A & SAQ P2PE-HW). | Category P2PE and 1 | Merchant Business Unit processes payments using validated P2PE solution and is also processing payments by outsourced e-commerce website (SAQ A & SAQ P2PE-HW). |
Category P2PE, 2, and 1 | Merchant Business Unit processes payments using validated P2PE solution, by dial up or cellular terminal, and also by outsourced e-commerce website (SAQ A, SAQ B, & SAQ P2PE-HW). | Category P2PE, 2, and 1 | Merchant Business Unit processes payments using validated P2PE solution, by dial up or cellular terminal, and also by outsourced e-commerce website (SAQ A, SAQ B, & SAQ P2PE-HW). |
Supplemental Forms
- Capture Device Inventory Log
- Cellular Terminal Log
- Capture Device Periodic Inspection Procedures
- Capture Device Periodic Inspection Log
- Staff Member Training Log
- Skimming/Tampering Training
- Rogue Wireless Inspection Log
- Rogue Wireless Inspection Procedures
- Significant Change Checklist
- DCL4 Highly Restricted Media Transport Approval/Delivery Log
Diagram Guidance
General Merchant Policies
- Information Security Policies
- Incident Response Plan
- Identity Theft
- Cash Receipts Manual - Credit Card Payments
- Records Retention
- Visitor Access
- Password Security
IT / Advanced Security Policies
Reviewed 2024-07-10