Merchant Services

Protect Your Business

Your customers expect you to keep their sensitive data safe. Don't risk the future of your business. Learn valuable tips and read about tools that can help you establish best practices.

Make sure that your payment solution protects your customer data. Don't Get Phished

Online phishing (pronounced "fishing") is an attempt to trick someone into revealing personal or financial information online. Phishers use phony websites or deceptive emails that mimic trusted businesses and brands to steal protected information such as user names, passwords and credit card numbers.

It's important to remember that Chase Paymentech never requests sensitive account information such as account numbers, user names or passwords, via unsecured channels such as email. If you're ever in doubt, just visit to log in and learn more.

Please follow these steps if you or anyone in your organization has doubts about an email relevant to payment processing or receives a phishing email that claims to come from Chase Paymentech.

  • If you are sent a questionable email, do not respond or click on any links.
  • Forward the email immediately to our abuse team so we can perform a full investigation, including notifying the host provider and taking down the bogus website.
  • If you have received a phishing email from "Chase Paymentech" and have already responded with information, contact us immediately by calling 866.223.3345.

Encrypt Your Payment Data

TDES is an encryption algorithm standard used by all debit-capable transaction terminals for PIN encryption. TDES (also known as Triple DES, TDES or 3DES) was developed to add more security protection in combating potential security breaches by being more secure than its predecessor, Data Encryption Standard (DES).

Security upgrades mandated by Visa® required that all attended point-of-sale devices use TDES. Additional information and lists of validated applications may found on the PCI Security Standards Council Approved PIN Transaction Security (PTS) Devices site.

Mask Card Numbers and Dates

With the growing rate of identity theft and fraud, Visa® and MasterCard® require merchants to comply with "account number truncation."

  • Affects printed receipts
  • You must hide the card expiration date
  • You must hide all but the last four digits of the card number
  • Enforceable by law in many states

For specifics about the laws and requirements in your state, we suggest you review your state's applicable laws and consult with your legal counsel.

Complying with account number truncation may require a new payment application, a new terminal, or both. You can rely on our service support staff to answer your questions and guide you through the latest technology options, so you can choose the best solution for your business.

While we are here to assist you, please keep in mind it is the responsibility of the business owner to comply with federal and state laws, as well as payment brand regulations, relative to account number masking.

Perform a Network Vulnerability Scan

Network vulnerability scans enable you to detect vulnerabilities on your systems, so that you can fix these vulnerabilities, better protect your customer's cardholder data and minimize the risk of attacks on your payment environment. The process is minimally intrusive. External-facing systems are scanned and vulnerabilities that an attacker could exploit to gain access to your systems are reported to you. You should address these network vulnerabilities immediately and then re-scan to confirm that they have been remediated.

Chase Paymentech highly recommends your business conduct regular network vulnerability scans using an Approved Scanning Vendor (ASV). A complete list of vendors is available on the PCI Security Standards Council website. For some merchants, a passing network vulnerability scan is required every quarter in order to be compliant with Visa and MasterCard regulations.