Key Regulations & Concepts
- PCI DSS: scope, SAQ types, and why EMV + tokenization reduce exposure.
- Card‑brand rules: differences between surcharging and dual pricing; signage and receipt requirements.
- Data privacy: handling of PAN, storage prohibitions, device hardening.
Documentation You’ll Reuse Every Week
- Standardized merchant applications with clear MCC guidance
- Chargeback response templates by reason code
- Dual pricing signage and receipt language
- Quarterly compliance checklist (devices, firmware, user permissions)
Underwriting Red Flags
- Mismatch between MCC and activity
- Sudden volume spikes or card‑not‑present jumps
- High refund ratios, split tickets, cash advance behavior
Incident Response (When Stuff Happens)
- Acknowledge the issue to the merchant and freeze any suspicious activity.
- Pull logs, batch data, and device IDs.
- File bank and brand notices as required.
- Remediate: device swap, password resets, training refresh.
MPG Compliance Resources
- PCI self‑assessment support and reminders
- Pre‑vetted signage and receipt templates for dual pricing
- US‑based support that can coordinate on‑site resolution for escalations
FAQ
Do small merchants really need PCI? Yes—everyone who accepts cards has responsibilities. MPG helps minimize scope and complete SAQs.
Is surcharging the same as dual pricing? No. Surcharging adds a fee to card payments; dual pricing presents a cash price and a card price with required signage.