Starting in March of this year, NOVA began a series of statement messages to Elan merchant customers concerning their obligations under Visa's Cardholder Information Security Program (CISP) and MasterCard's Site Data Protection (SDP) Program. The 2004 alignment of these two programs has led to the creation of a worldwide standard for consumer data protection known as the Payment Card Industry (PCI) Data Security Standard. Other card companies operating in the U.S. have endorsed the PCI Data Security Standard. The purpose of this communication is to inform you of your institution's responsibilities for ensuring both branch and merchant compliance under these industry wide security programs, and to alert you to the associated penalties for non-compliance. Current penalties range from $50,000 to $500,000, plus the cost of re-issuing cards. As your merchants are increasingly victimized by compromises, their compliance with the CISP and SDP Programs is critical to ensure the protection of cardholder data. It is the specific responsibility of your Financial Institution to ensure that your merchants and third parties who store, process, or transmit cardholder data comply with the CISP and SDP programs in accordance with PCI Data Security Standard. NOVA is informing you to ensure the compliance of all merchants and third parties to data security regulations, including maintaining cardholder account data in a secure environment. Merchant and third parties should never store magnetic stripe data or Card Validation Codes (CVC) codes. In addition, many merchants and third parties must periodically validate their compliance as detailed on the Visa and MasterCard websites listed at the end of this letter. NOVA recommends Trustwave as the preferred vendor for validation of compliance, but a list of available vendors is located at the Visa CISP website. (Click on "assessors" to locate vendors.) Data security is a priority for all of us in the card processing arena, and as our Financial Institution partner, we trust that you will take active steps to ensure the compliance of your branches and merchant customers. Exact requirements for CISP are at: visa.com/cisp* Detailed information regarding SDP can be found at sdp.mastercardintl.com/*. If you have questions, please contact your Relationship Manager or call the Elan Financial Institution Support Center at 800-523-5354, Option 4 or email elanfisc@elansales.com cc: Chief Executive Officer cc: Chief Compliance Officer * This link will take you to a third party site. Elan Financial Services is not responsible for the content of, or products and services provided by, the third party site, nor does it guarantee the accuracy of information contained in the site. Please note that the third party site may have privacy and information security policies that differ from Elan Financial Services'. To ensure that you continue to receive email from us, please add us to your Address Book (announcements@elan-client-communication.com). Thank you. Please do not reply to this message. If you wish to unsubscribe or change your email address, click here to send us an email. You are receiving this email as a client of Elan Financial Services. View the Elan Privacy Policy. Elan Financial Services 777 E. Wisconsin Avenue Milwaukee, Wisconsin 53202