Data security has become a primary consideration for every type of business that accepts credit and debit cards for the payment of goods or services. The five major card networks established the Payment Card Industry Council to oversee the Payment Card Industry – Data Security Standards (PCI-DSS) and to promote the security of the credit and debit card systems.

All merchants and acquirers are required to comply with PCI-DSS and all payment applications must be certified and validated annually. One requirement of PCI-DSS is completing an annual Self-Assessment Questionnaire (SAQ), a validation tool used to assist merchants with their PCI-DSS compliance.

Elavon’s PCI Compliance Program takes a comprehensive approach to help your business meet compliance requirements while protecting your reputation and your bottom line. Please read the enclosed brochure, “Understanding Cardholder Data Security” for specific details about the elements of our program.

Getting started and completing your required SAQ is simple:

• Visit our PCI website, http://pci.elavon.com and select the “IP Solutions” button as your method of processing payments from the home page.

• From there you will be provided with information about PCI requirements and will receive the documents to complete your SAQ.

• Click on the link that will take you through the validation process via our Visa® and MasterCard® accredited Qualified Security Assessor and Approved Scanning Vendor’s website.

You will have until October 29, 2009 to complete the SAQ. If you do not become compliant by that date, you will be assessed a non-compliance fee of $20 per month beginning on your October statement. You will be charged the non-compliance fee until you successfully complete the validation process.

A $175 charge for this service will be assessed annually on your August statement beginning this year. The fee provides for access to our QSA, online compliance validation, up to $100,000 of data breach financial coverage, and assistance should a data breach occur.

If you have already completed the SAQ for 2009 through a PCI Program other than Elavon, please call our Customer Service department at 1-800-377-3962, and arrange to provide confirmation. You will be charged a $35 administrative fee to cover your mandatory program participation.

If you have any questions please call Elavon’s Customer Service department at 1-800-377-3962. We appreciate your business and encourage you to assess your risk level, ensure PCI compliance and protect your bottom line.

Payment Card Industry Data Security Standards (PCI-DSS) and

Payment Application Data Security Standards (PA-DSS) Mandate

PCI-DSS stands for Payment Card Industry Data Security Standards. It was developed by the major credit card companies as a guideline to help organizations that process card payments prevent credit card fraud, hacking and various other security issues. If you are not familiar with these standards and requirements, please visit www.pcisecuritystandards.org for more information.

PA-DSS stands for Payment Application Data Security Standards. Mandates are in place to ensure merchants and agents do not use payment applications known to retain prohibited data elements, such as track data, CVV2 data and/or PIN data.

Why is Compliance Important?

• PCI compliance provides fraud protection for you and your customers by creating a business that is safe and confidential for cardholders to use their credit cards.

• Non compliance makes you vulnerable to fraudulent activity and data breaches which result in cost prohibitive fines and severe loss of brand equity.

• PCI-DSS compliance is mandated by the card associations. The standard is overseen by an independent council of the five major brands. For more information, please visit: www.pcisecuritystandards.org.

Here are just a few important facts to be aware of:

• Merchants should never store prohibitive data subsequent to the authorization. Visit https://www.pcisecuritystandards.org/security_standards/pa_dss.shtml for more information regarding PA-DSS or log on to www.merchantconnect.com and select “Support” from the home page (note: you do not need to enter your User ID and password for this section). Then click on “Compliance and Data Security” to be taken to a page with information and links to valuable industry resources.

• Ensure that your payment application is PCI compliant. As card acceptance technologies and techniques have evolved, payment card fraud has become more sophisticated. Every business that stores or transmits cardholder account data is a potential target.

Getting Started: Assessing your PCI-DSS security compliance

Elavon has teamed with a Visa® and MasterCard® accredited Qualified Security Assessor to help you evaluate your PCI-DSS compliance. To find out how you can protect your customers and adhere to PCI-DSS requirements, visit http://pci.elavon.com and choose your method of payment acceptance to get started. If you have any questions about the program, or experience any problems with the tool, contact Elavon at 1-800-377-3962.