In This Issue
ACH Payments Continue to Grow
Using AVS to Reduce Chargebacks
Washington State Requires PCI DSS Compliance
ProPay Named ETA's 2010 ISO of the Year
ProtectPay Introduces ACH Tokenization
ProtectPay Introduces Payments Blog
Important Dates
Quick Links
Join Our Mailing List!

Welcome to the ProPay newsletter,  a service designed to offer you information on all aspects of payment processing.  In this newsletter ProPay will offer news, analysis and information about topics that may be of interest to those using payment processing solutions. At ProPay, we're proud of the knowledge, experience and expertise of our team, and we are excited to share it with you.  Each month, ProPay will offer analysis of events in the industry, trends that may impact business, and legal and regulatory actions in payment processing. 
This newsletter is provided as a service to you, so we welcome your input on the topics that we cover.  Please feel free to contact us with suggestions.  You can reach us by clicking on the email link at the bottom of this newsletter.  Please feel free to forward this to anyone that you believe may be interested. 
The ProPay Team

ACH Payments Continue to Grow


NACHA recently released statistics for ACH payments in 2009.  As expected this payment method has continued to see rapid growth, recording more than 18.76 billion total ACH transactions.  That number represents growth of 2.6 percent over the previous year.  The three largest areas of growth include direct deposit payments, consumer internet payments and business-to-business (B2B) transactions.  According to NACHA, consumers are continuing to demonstrate a strong preference for "preference for non-check, fully-electronic, payment options."  Native ACH payments, those that are fully electronic and initiated by the consumer, accounted for 12.19 billion transactions over the ACH network.


As preference for ACH continues to grow among consumers, businesses must be increasingly aware of the security of ACH data (bank account and routing numbers).  While consumers have significant protections in the case of a compromise of payment card data, banking information does not have similar protections.  Compromise of banking information often leaves consumers with little recourse.  While NACHA and other organizations work towards establishing security standards for this data,  companies and businesses should be aware of the increased risk this data poses to their customers and take steps to ensure that it is appropriately protected.   

Using Address Verification to Reduce Chargebacks


The most common and widely utilized fraud prevention tool is the Address Verification System (AVS).  Merchants should be aware of this system and the value it offers in identifying high risk transactions, as well as the benefit it can provide in the event of a chargeback.  The AVS system is designed to inform the merchant whether or not the address provided by the cardholder is the same address that is on file with the card-issuing bank. 

An AVS check is done at the time a charge is authorized.  Along with the authorization code, the AVS response is provided by the card-issuing bank.  The AVS code will tell the merchant whether or not the address provided by the cardholder matches the one on file with the card-issuing bank, or to what level the address provided verifies the address on record.  While AVS alone will not tell you if a transaction is legitimate or not, it is a valuable piece of the puzzle in determining whether or not a merchant should allow the transaction to complete, and fulfill the order.  The obvious benefit to using AVS is that a merchant is better able to establish whether or not they are dealing with the actual cardholder.

While AVS is still mainly a domestic service, there are some international banks that participate in the AVS system.   It should also be noted that the use of AVS can strengthen a merchant's position in the event a chargeback has been issued.  If a merchant can prove they received a verified address from the cardholder via AVS, and they shipped the product to that verified address, the merchant will then have a much greater chance of getting that chargeback resolved in their favor.

For more information on AVS codes and what they mean, follow this link.

Washington State Requires PCI DSS Compliance
The state of Washington has recently joined the growing number of states that have, or are considering, passing laws requiring compliance with the Payment Card Industry Data Security Standard (PCI DSS).  According to the Washington law, which takes effect July 1, 2010, any company that processes more than 6 million transactions annually must comply with the PCI DSS.  


The law states that any processor or business fails to take "reasonable" care of the data in their possession, and that failure leads to the compromise of that data, then that entity is responsible for reimbursing issuing banks for the actual costs of re-issuing cards.  It also states that, if legal action is taken against the entity, the issuer is entitled to recover legal fees and other costs associated with the legal action. 


The law does offer a "safe harbor" for those entities that have been validated as compliant by an annual security assessment within the previous year.  Specifically, the law states "For the purposes of this subsection...a processor, business, or vendor's security assessment of compliance is non-revocable."   


To download the full text of the law, click here.

ProPay Named ETA's 2010 ISO of the Year

ProPay was proud to be named ISO of the Year by the Electronic Transaction Association.  This announcement came during the President's Dinner April 13, 2010 at the Electronic Transactions Association (ETA) Annual Meeting and Expo in Las Vegas, NV. ProPay's innovation, ethics and leadership in payment security were all cited as reasons for the honor. 

"ProPay is a pioneer in data security and PCI compliance. They have moved the payments industry forward by using technology to increase merchant compliance and manage risk. They've also exhibited a strong commitment to alternative payments and other value-added strategies. For these reasons ETA is proud to name ProPay as the recipient of ETA's ISO of the YEAR Award," said Carla Balakgie, CEO, Electronic Transaction Association.

ProtectPay Introduces ACH Tokenization
ProPay is proud to announce that customers can now encrypt and tokenize ACH data using the ProtectPay solution.   Like other ProtectPay payment options, ProPay's ACH solution removes the need for businesses to store, transmit, or process sensitive ACH payment data (bank routing and account numbers) on initial and subsequent transactions. ProPay captures and processes the ACH data which is immediately encrypted to protect the data during the initial transmission.  The data is then replaced with a Unique Identifier (UID), also referred to as a token. Businesses then use the UID for future transactions against the data. ProPay's ACH services can be used to collect payments and disburse funds via the ACH network.  ProPay offers its customers flexible options in managing those funds.  They can use ProPay's online interface, batch file processing, or Application Programming Interface (API).

To learn more about encrypting and tokenizing your ACH data, please contact us at or call 888-227-9856.

ProPay Introduces Payments Blog
ProPay's dedication to simple, safe and affordable payment processing solutions is being carried to a new level with the introduction of the ProPay Security & News Blog.  ProPay is proud to offer this new information resource to our merchants and to anyone that has an interest in processing credit and debit card or ACH payments.  The goal of the blog is to provide information and education about payment, risk, data security and payments industry news. 

Contributors to the blog include:
Mark Johnson, CIO
Chris Mark, EVP Data Security and Compliance
Tony Allen, General Counsel
Heather Mark, SVP Market Strategy
Stanton Huntington, Assoc. Legal Counsel
Scott Nelson, VP Marketing

To visit ProPay's blog, please follow this link
Important Dates
ProPay will be offering a series of webinars in conjunction with the ETA.  All of the webinars will take place at 11:00 AM Mountain Time.  The series will include:


Jun 1, 2010          Using Encryption & Tokenization to Mitigate the Risk to Your Business

Jun 16, 2010     Regulatory Constriction: How Data Security  Regulation is Impacting Business

Jul 21, 2010           The Real Costs of a Data Breach

Aug 25, 2010         How Can Acquirers Enable Security and Compliance for their Merchants?

To register for these webinars, please visit the ETA website


June 6-8, 2010 2010 Direct Selling Association Annual Meeting, San Francisco, CA. Visit ProPay at Booth # 516.

June 8-11, 2010 Internet Retailer, Chicago, IL.  Visit ProPay at Booth # 386.

DISCLAIMER:  ProPay, Inc. provides this newsletter only for general information or educational purposes.  Nothing herein should be relied upon without seeking the advice of an attorney or other professional appropriate to the subject matter.  While ProPay, Inc. strives to ensure information in this newsletter is accurate and current, ProPay, Inc. does not guarantee or represent that the information is correct, complete, or up-to-date; nor shall ProPay, Inc. be liable for any indirect, incidental or consequential damages (including lost data, information or profits) sustained or incurred in connection with the use of, operation of, or reliance upon any information contained in this newsletter.