Amalgamated Bank of Chicago / Business Banking / Merchant Services

Merchant Services

Enjoy the ease and flexibility provided by Amalgamated Bank of Chicago's merchant services. With Amalgamated Bank of Chicago's merchant services, you can provide various payment options to your customers including MasterCard®, Visa®, Diners Club®, Discover® Card, debit cards and EFT. As a merchant you can offer payment options over the internet or in person.

Features & Benefits

Detailed Reporting

Merchant accounts are notified each morning via the internet of all payments processed and posted to their account the previous day.
Excel and customized interface files to post to payments on your system

Customer Benefits

Opportunity to pay with another payment tool- while earning AmalgaMiles or other rewards at the same time
Ability to pay anytime, anywhere; all with a low nominal fee

For More Information Contact a Merchant Services Representative

Click the button below or call 1-312-822-3206

Questions for Current Merchant Services Customers

What is PCI Compliance?

"PCI compliance" refers to compliance with one or more of the Payment Card Industry's (PCI) Security Standards which have been put in place to protect cardholder data against potential compromise. The PCI Security Standards Council (Council) currently maintains three standards.

I'm a small merchant who has limited payment card transaction volume. Do I need to be compliant with PCI DSS?

All merchants, whether small or large, need to be PCI compliant. The payment brands have collectively adopted PCI DSS as the requirement for organizations that process, store or transmit payment cardholder data. PCI SSC is responsible for managing the security standards while each individual payment brand is responsible for managing and enforcing compliance to these standards.

Is complying with the PCI DSS a one-time event?

While merchants validate PCI DSS compliance once per year, merchants must maintain PCI DSS compliance all year round.

How do we know what level we are?

The current Visa and MasterCard merchant levels and changes from PCI DSS 1.0 to PCI DSS 1.1 are as follows:

Level 1-Visa U.S.A. and MasterCard World Wide transactions totaling 6 million and up, per year, and any merchants who experienced a data breach.
Level 2-Visa and MasterCard transactions totaling 1 million to 6 million per year. (The new requirement expands the number of Level 2 merchants to include former Level 4 merchants.)
Level 3-Visa and MasterCard e-commerce transactions totaling 20,000 to 1 million per year. (The new requirement expands Level 3 to include former Level 2 merchants who process fewer than 1 million e-commerce transactions per year.)
Level 4-Visa and MasterCard e-commerce transactions totaling up to 20,000 per year. (The new requirement decreases the number of Level 4 merchants.), and all other merchants, regardless of acceptance channel, processing up to 1 million Visa or MasterCard transactions per year.

How do we become PCI DSS compliant?

The Prioritized Approach to Pursue PCI DSS Compliance

The current Visa and MasterCard validation requirements are as follows:

Validation procedures and documentation
Acquirers must ensure that their merchants validate at the appropriate level and obtain the required compliance validation documentation from their merchants. Acquirers must submit monthly status reports to Visa and all compliance validation documentation must be made available to Visa upon request. Acquirers and merchants should also verify the compliance reporting requirements of other payment card brands which may require proof of compliance validation.

Compliance validation takes place at the merchant's expense, as follows:

Level 1 Merchants
The Annual On-Site PCI Data Security Assessment must be completed for Level 1 merchants according to the PCI Requirements and Security Assessment Procedures v1.2 document. This document is also to be used as the template for the Report on Compliance.

Level 1 merchants should engage a Qualified Security Assessor to complete the Report on Compliance and provide the report to their acquirer. Alternatively, acquirers may elect to accept the Report on Compliance from a Level 1 merchant, provided that a letter signed by a merchant officer accompanies the report. Level 1 merchants must also submit the Attestation of Compliance for Onsite Assessment - Merchants form completed by their assessor to their acquirers. The Attestation of Compliance for Onsite Assessments - Merchants can be found in the PCI Requirements and Security Assessment Procedures v1.2 document.

Acquirers must submit the Attestation of Compliance for Onsite Assessment - Merchants form and a letter accepting the merchant's full compliance validation to Visa upon receipt and acceptance of the merchant's validation document.

Download the PCI Data Security Standard v 1.2.

Download the Attestation of Compliance for Onsite Assessments - Merchants.
Level 2/Level 3 Merchants
The Annual PCI Self-Assessment Questionnaire is completed by Level 2 and 3 merchants. Level 4 merchants may be required to complete the PCI Self-Assessment Questionnaire as specified by their acquirer.

Download the PCI Self-Assessment Questionnaire.
Level 1/Level 2/Level 3 Merchants
The Quarterly Network Security Scan is an automated tool that checks systems for vulnerabilities. It conducts a non-intrusive scan to remotely review networks and Web applications based in the externally-facing Internet Protocol (IP) address provided by the merchant. Acquirers are responsible for ensuring that the quarterly network security scans required of their levels 1, 2, and 3 merchants are performed by an Approved Scanning Vendor. The Quarterly Network Security Scan is applicable to merchants with externally-facing IP addresses.

Download the PCI Security Scanning Procedures.
Level 4 Merchants
Completion of PCI DSS Self Assessment Questionnaire annually, and quarterly network security scan with an approved ASV. Submit summary of PCI compliance plan, via acquirer, by July 30, 2007. If a breach has been reported, or found, Visa reserves the right to move the Level 4 merchant to a Level 1. If so, the Level 4 merchant must abide by the Level 1 validation requirements.

Level 4 Merchant Validation Actions

1. Recommended Annual PCI self-assessment questionnaire.

2. Recommended Annual Network Scan.

Validation By

1. Merchant.

2. Qualified Independent Scan Vendor.

Master Card PCI Compliance

Merchant Definition	Criteria	Onsite Assessment	Self Assessment	Network Security Scan	Deadline
Level 1	Any merchant that has suffered a hack or an attack that resulted in an account data compromise Any merchant having greater than six million total combined MasterCard and Maestro transactions annually Any merchant that MasterCard, in its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the system	Required Annually	Not Required	Required Quarterly	30 June 2005
Level 2	Any merchant with greater than one million but less than or equal to six million total combined MasterCard and Maestro transactions annually	Required Annually	Required Annually Until 31 December 2010	Required Quarterly	31 December 2010
Level 3	Any merchant with greater than 20,000 combined MasterCard and Maestro e-commerce transactions annually but less than or equal to one million total combined MasterCard and Maestro ecommerce transactions annually	Not Required	Required Annually	Required Quarterly	30 June 2005
Level 4	All other merchants	Not Required	Required Annually	Required Quarterly	Consult Acquirer
Sources for more information: http://www.pcicomplianceguide.org/pcifaqs.php http://usa.visa.com/merchants/risk_management/cisp_merchants.html http://www.mastercard.com/us/sdp/education/pci%20merchant%20education%20program.html http://www.mastercard.com/us/sdp/merchants/index.html