FREQUENTLY ASKED QUESTIONS ABOUT
OUR TECHNOLOGY SYSTEMS

Card Compliant offers technology-driven solutions to regulatory and accounting challenges faced by the companies we serve. Our proprietary compliance processing system connects to payment transaction processors, payment program managers, and our clients to process data required for compliance work. Below are frequently asked questions about the technology systems of Card Compliant:

Q. Are you a transaction processer?

No. The transaction processor is the company that provides the system on which payment instruments physically work and where the payment transactions are recorded. Our proprietary systems connect to the transaction processor’s system. We use the transaction data generated by the transaction processors to deliver our compliance solutions and services.

Q. Why did you create your proprietary processing systems?

The electronic payments and related industries are heavily regulated. Application of overlapping laws in a multiple state payments programs is difficult, and compliance work also is frustrated by the large number of small dollar payment instruments usually involved in payments programs. Our solution was to attack the complexity by leveraging technology to manage compliance at the individual item level in the face of the multiple laws and voluminous transactions. Essentially, we let the systems deal with the complexity and volumes – as opposed to humans.

Q. What does your proprietary systems process?

We start with transactions on the payment instruments. Our systems combine the transaction data with information and decisions from the clients. The combined inputs are then processed to support our compliance services and solutions.

Q. Why is transaction data important?

The transactions on prepaid cards and other payment instruments, such as loads and redemptions, drive a large portion of compliance analysis on several subject matters. For example, transactions dominate accounting standards, tax regulations, and unclaimed property statutes. They also drive important aspects of anti-money laundering, impact some consumer protection issues, and the like. They are essential to full statistical accounting for GAAP and other analytics. And, they may be needed for full audit responses.

Q. What happens if we do not have full transaction data?

We usually prefer full data, but we have developed compliance regimens for certain regulations based upon summary data when full transactions data is not available. We also deal regularly with imperfect data and data with gaps.

Q. How many transaction processors do you work with?

Card Compliant has established certified connections for various programs with many different transaction processors, including many major processors. Our technology personnel stand ready to add new connections to additional transaction processing systems.

Q. What happens if we do not have a third party transaction processor?

On occasion, a client has developed its own transaction processing system. In that situation, the client is the transaction processor and we connect to its system. For some projects we occasionally obtain transaction information sourced to traditional accounting ledger entries as opposed to data base systems. Our proprietary systems are designed to input transaction information from a variety of available sources.

Q. How is the transaction data transmitted to you?

We use accepted and secure methods to move data such as using secure FTPC sites. The process often is operationally seamless to a client.

Q. What volumes of transaction data can your system handle?

We handle programs ranging from small volumes of data to those with very large quantities. For some clients we process billions of transactions.

Q. What happens if my company has multiple transaction processors?

An advantage to our proprietary systems is its ability to deal with multiple transaction processors. Our systems are designed to work with data from multiple sources and we have the capability to combine or split data from numerous sources as needed. We have one client that deals regularly with more than fifteen transaction processors.

Q. My company uses a transactions process for the transaction data but maintains its own system for recording personally identifiable information. Does your system function in that environment?

Yes. The systems are designed to receive data from multiple sources and to combine or split data as needed.

Q. Do you have your own source code developers?

Yes. We maintain a staff of source code developers along with quality assurance personnel.

Q. Are there patents involved?

Yes. A patent has been issued to us for several of our systems.

Q. Are you PCI compliant?

Yes. We have been certified as PCI compliant by a third party auditor for several years.

Q. Are you SSAE 18 audited?

Yes. Our proprietary technology systems are subject to controls including the usual controls applicable to software developers. The systems and controls have been subject to SSAE 18 audits by a third party accounting firm for several years.

Q. Where is the data stored?

We store the data in redundant secure data centers located in multiple cities.

Q. Do you have a disaster recovery program?

Yes.

Q. Why should I use your systems?

A primary reason to use the systems is to gain access to our services and solutions which are supported by the system. The system itself has other key attributes. It enables compliance to be conducted at an individual item level in the face of multiple standards and voluminous transactions. It is capable of dealing with data from multiple sources. It can be tooled for custom projects. It has the necessary oversight attributes such as PCI compliance and SSAE 18 audits. Lastly, it services as a redundant data base for future needs in audits notwithstanding changes in transaction processors and client personnel.