Friday, August 29, 2008

08/29/08 - Credit Card Data Security Rules

Vitamin Lawyer Update eMemo: August 29, 2008

This issue:

0. News & Practice Notes; Fee Rate Increase
1. New Data Security Rules for Credit Card Processing
2. Web Ring and Wiki for Advanced Health Care
3. Professional Practice Record Keeping SOP Available

0. VL Blog News and Practice Notes

Blog: http:// vitaminlawyerhealthfreedom .blogspot .com

Internet Abuzz: Avian Flu Weaponized?
www .healthfreedomusa. org/index.php?p=846

Practice Note: Data Security Rules Upgraded

I’ve worked with G. P. Nehra, Esq. regarding nutrient MLM issues and consider him a leading attorney in that world. The report from his office, below, is being shared with his permission. The five specific legal requirements coming into effect on 11.01.08 are being integrated into the Standard Operating Procedures Manual format maintained by the Vitamin Consultancy. Regular retainer clients will automatically receive the updates. Others should email me with “SOP Update” in the subject line; there is a ½ hour fee for this service.

Vitamin Consultancy fees are increasing due to continuing dollar value declines. The new basic fee, starting September 1, 2008, will be $325/hr. Prepaid clients will receive the balance of their time at the original rates. Regular monthly retainer clients will be charged at $275/hr. and will continue to be permitted to use the Vitamin Lawyer Oversight Seal: http:// tinyurl. com/2cfoyb

[Please note: all URL web page links in this email are incomplete, with the “http://” and/or “www.” removed and an extra space before the .com or .org, to avoid this message being treated as “spam” by AOL or other services.]

1. New Data Security Rules for Credit Card Processing


From G.P. Nehra Esq -- Prepared by Rick Waak

The Law Firm has had several inquiries about the announced November 1 effective date for compliance with new tighter data security requirements… [under] the Fair and Accurate Credit Transactions Act…

…[B]ecause of the way the rules affect the payment card industry, their impact covers a much broader segment, virtually all of the commercial world. … The biggest merchant account customers have long since been complying with the strictures of this Industry program as a condition of their using their payment card merchant accounts. Now it is time for smaller merchant users …


If you have or want to have a merchant account which enables you to accept and process payments from your customers or distributors by credit or debit card, you will need to do the following:

1. Establish a written policy for protecting the security of your customer (and employee) account data. The policy must include designation of employees responsible for carrying out the internal monitoring and security check procedures.

2. Determine what your merchant level will be (based on number of expected transactions, i.e., Level 4 is 0-20,000, Level 3 is 20,000-1 million, etc.). By accessing the web site at www. pcicomplianceguide .org you can get information and a chart to help make this determination, as well as other guidance that will tell you way more than you ever wanted to know about complying with the Payment Card Industry Data Security System.

3. Select and contract with an Approved Scanning Vendor (ASV). ASVs are industry certified contractors who conduct electronic scans of your data handling systems…

4. Download and complete periodically (as specified for your merchant level) a PCI DSS Self-Assessment Questionnaire.

5. Have the ASV conduct periodic (again, based upon your merchant level) network security scans.

The PCI compliance website, your ASV, your telecommunications vendor, and your merchant banks will all be able to help and advise you.

© Gerald P. Nehra 2008 - Permission to reproduce with attribution - www. mlmatty. com

2. Web Ring and Wiki for Advanced Health Care Update

It is certainly the “Doldrums of Summer…” -- there were some continuing “glitches” since the last updates, but we now expect the Web Ring sign-up page to go live during early September. I will send you all a special link for The Vitamin Consultancy clients and contacts. I know you will want to sign up for this important new Internet feature.

You can get a sneak preview at: http:// healthcare-aware .com (for the Web Ring) and www .advancedhealthwiki .com (for the Wiki). In previous issues of this Update eMemo I discussed the powerful search engine value of the Web Ring. In the near future I will be providing you with a detailed explanation about how the Web Ring can help your online presence. I’ve been working on this project since last November, as some of you know. The wait will be worth it!

Here is what one Web Ring company says about the benefits:

“WebRing offers a unique and effective means of searching, locating and navigating between web sites with similar themes. WebRing allows web site owners to group their sites together into ring communities, and provides a navigation tool that links web sites together called a NavBar. Linked sites not only eliminate the necessity of repetitive searches, but the NavBar also accumulates hits from all of the sites so that a hit to one site is a hit to all sites. Additionally, the NavBar acts as a link so your web site is linked to every other site in the community. So now your site is benefiting from higher search engine results because it has more hits and more links.”

3. Professional Practice SOPs

The Vitamin Lawyer .com Consultancy offers standardized formats for various Standard Operating Procedures – for companies in the nutritional and natural products industry, as well as for advanced health care “CAM” practitioners. The Professional Practice Record Keeping SOP describes record keeping standards for the practitioner who provides nutrients and natural remedies to his or her clients.

You can see a list of the topics covered by the SOP at: http:// tinyurl. com/2eu6yj

If you would like a copy of the Professional Practice SOP, please send me an email with “PP-SOP” in the subject line; I charge ½ hour for this service. The SOP is being revised to reflect the new Data Security requirement of “a written policy for protecting the security of your customer…”


Ralph Fucetola JD
www .vitaminlawyer .com
http:// vitaminlawyerarchives .blogspot .com
