Credit card processing

baran3

Cast Iron
Joined
Jan 28, 2007
Location
Littlestown PA
I’ve had a merchant account through my bank for credit card processing for about 10 years. I key in cards via an online gateway terminal. Very small business. Was just myself. Now one other employee. I’m down to maybe 10-20 credit payments a year. I just got an email about PCI compliance in relation to this merchant account. What level do I have to worry about this, and what options are out there for processing a very low number of transactions to limit any requirements on you? Over the phone? Drive to the bank and have them key in the transaction?
 
I’m not swiping cards I am keying in credit cards. I’m never face to face with my customers. It’s basically purchasers at companies paying by credit card.
 
I'm in the same boat as you. I get emails all the time "PCI Compliance, Immediate action necessary"

I always assumed it was just another scam. I delete them all.
 
I’m pretty sure it’s an organized “legal” scam. Based in real concerns and issues, but like any other thing where people make a system of regulations, then make money off helping you understand and comply. The email I received is legit, I believe. Ignoring it seems like an option. I’m just cautious about whether I’d be leaving myself open to any type of fines or other issues down the road. If there was a better alternative for my situation I’d look into it.
 
What is "PCI" all about?

----------------------

Think Snow Eh!
Ox

It’s like a system of regulations for handling and processing credit card info. Regulations and requirements for computer systems and other stuff. I’m just dealing with a few customers where purchasing agents will pay by credit card to process orders quickly.
 
OK, so related to you having someone else's info that you may or may not squirrel away somewhere for more desperate times eh?

IF this is a real issue (and I'm guessing that it's not - as others have said) then for your app, you could use a work-around of just using a service like Paypal.

For my recoil sales that I dabble in, for a cpl of years I got the customers info and processed it through paypal myself - looking like a "real" supplier.
But what I have used the last cpl of years is just sending an invoice via paypal to their e-mail address. They pay the bill in whatever way they like.
(C/C or maybe funds that they may already have in their paypal account, or ???)

I never see any of their info, so - if this is actually an issue, this would solve that concern.


Maybe this has gotten some traction lately?
I have been having a harder and harder time in recent years about getting the sales voice on the other end of the phone to dig that carbon copy out of the trash and use that guys C/C info for my purchase.
This may be the issue I'm up against?
---------------------

Think Snow Eh!
Ox
 
PCI is a very big deal in my university setting. I think the acronym stands for "Personal Credit Information" - ?? - but in general the idea covers any sensitive personal information *that you store*. Essentially, you have to show that you are handling and storing personal information securely, such that it won't wind up on the dark web.

Years ago universities routinely stored social security numbers, for example. Now we only take that number when absolutely necessary, and handle it like gold dust.

That said, there are certainly companies who are ready to "help" you with PCI compliance ... for a modest fee, of course. May or may not be a complete scam, but certainly not something I would respond to. Much better, if this is a concern for you, to contract with a genuine consultant recommended and vetted by your bank.
 
I have been through PCI compliance testing as a merchant and as a payment processor. (Many years ago now)

PCI Compliance is a set of security standards implemented by VISA, MC, etc...

These security requirements are put in place to ensure protection of consumers personal and financial information.

If you are PCI compliant and you have a breach of data at your place, you will not be held liable.
If you are NOT PCI compliant and you have a breach of data at your place, you could be held liable.

If you are only accepting CCs through a ZON (Square and/or PayPal Here) you will have a very low level of security to meet.

If you accept payments online through your website you will have a much higher level of standards to meet.
It becomes even more sticky if you have a website storing CC information or using non-standard or custom processing methods. If you fall into this category, you may have to hire a company (read this as very expensive) to come out and investigate your software and security practices.

The scam comes from 100's of companies trying to charge you to ensure you are PCI Compliant.

Most merchant account companies will have a short questionnaire to see what level of PCI Compliance you need to follow and instructions on how to stay PCI compliant. Last I knew these were all free for normal ZON type merchants.

Again most of my information comes from 5 - 10 years ago.
 
This is my experience. At a low level it's a "check all the boxes correctly" questionnaire to fill out and return digitally, assuring that you are keeping your system secure from easy intrusion and that you are not storing customer card info digitally. My last one was about 20 pages of questions, the merchant provider also told me how to answer it.
The consequence for not doing the questionnaire was a higher discount rate for transactions, and the possibility of increased liability for an intrusion as mentioned above. Once I figured out I had to pay 0.2% more without doing PCI, I did PCI. It's a small PITA, and not frequent. I'd ignore anything about it that didn't come from your merchant provider, and contact your provider directly to ask them what to do.
T
 
I've used Square for a number of years. Took CC info exclusively over live voice phone call, never retaining it even though it was mainly repeat customers. If I wrote it down on a scrap of paper, I ate the paper after entering the data. ;) (Shredded it, actually.) No emails, texts, PDFs or entry in other systems except the Square app...
 
I use square as well only for remote orders. I use the send an invoice tool on their website. I let my customers know that it will be coming. They follow a link from the email and they key in their card number. I never see the number. Safer all around, I can't be considered as a source of a leaked card number.
Most of the customers I was having pay with credit card I am having use e-transfers these days. No charge for most of them, and I get the money immediately, not a couple of days later.
 
PCI stands for Payment Card Industry, and the usual standard people talk about is the Data Security Standard (DSS, or PCI-DSS). Google will yield a zillion and three hits, but as others have suggested it's really just a set of credit card security standards to follow. If you follow them and there is a problem, in theory the card company will hold you harmless--and pay you!--rather than holding you responsible and withholding payment. Another set of newer standards are called the EMV (Europay, Mastercard, Visa) standards (which, despite the name, I believe are also used by Amex). Like the PCI standards, the EMV ones are publicly available on the web.

Work with your bank to see *which* standards to follow and what your responsibilities are if you want the credit card companies to indemnify you; also, ask them if compliance is or will become mandatory to continue to accept credit card payments. Or, take the risk and do what you've been doing as long as your bank continues to process the card payments. But if they stop, catching up will probably be a bit more time consuming than being ahead of the curve, so you can take your time implementing whatever it is you might have to do.

This is not really complicated once you understand the intent, even if the language is sometimes kind of dense--it's feeds and speeds kind of stuff, not microinch tolerance kind of stuff.

Both sets of standards probably have a much larger effect on software development companies (like the one I retired from) than on merchants who accept credit card payments infrequently, but YMMV.
 
I have to fill out a PCI compliance survey once a year for my merchant account. It's some company that my bank has contracted it out to. Call your bank, it should be through them if they need you to do it. If you are not storing any credit card info, you probably have nothing to worry about.
 
I encountered a similar problem two years ago and decided to contact customer support. They asked me to give them my card details to check the account, and then my card was debited $20,000 two months later. I went to the police, but the fraudster wasn't found, although I think it was an employee of my bank's company. When I realized that the police wouldn't help me, I decided to find the criminal myself and came across a site that describes the methods of carding and how to protect yourself. I was shocked at how easy it is to steal bank card data so that no one notices any changes. Be careful and follow the security measures for your data. BTW the site I mentioned above: [link removed]

Spammer.....