Credit card processing
  1. #1
    Join Date
    Jan 2007
    Country
    UNITED STATES
    State/Province
    Pennsylvania
    Posts
    311

    Credit card processing

    I've had a merchant account through my bank for credit card processing for about 10 years. I key in cards via an online gateway terminal. Very small business. Was just myself. Now one other employee. I'm down to maybe 10-20 credit payments a year. I just got an email about PCI compliance in relation to this merchant account. What level do I have to worry about this and what options are out there for processing a very low number of transactions to limit any requirements on you? Over the phone? Drive to the bank and have them key in the transaction?

  2. #2
    Join Date
    May 2011
    Country
    UNITED STATES
    State/Province
    New Jersey
    Posts
    1,609

    Have you looked into Square? You plug it into your tablet and/or phone.

  4. #3
    Join Date
    Jan 2007
    Country
    UNITED STATES
    State/Province
    Pennsylvania
    Posts
    311

    I'm not swiping cards, I am keying in credit cards. I'm never face to face with my customers. It's basically purchasers at companies paying by credit card.

  5. #4
    Join Date
    Aug 2002
    Location
    West Unity, Ohio
    Posts
    24,570

    What is "PCI" all about?


    ----------------------

    Think Snow Eh!
    Ox

  6. #5
    Join Date
    Jan 2014
    Location
    Temecula, Ca
    Posts
    2,519

    I'm in the same boat as you. I get emails all the time "PCI Compliance, Immediate action necessary"

    I always assumed it was just another scam. I delete them all.

  8. #6
    Join Date
    Jan 2007
    Country
    UNITED STATES
    State/Province
    Pennsylvania
    Posts
    311

    Quote, originally posted by Larry Dickman:
    > I'm in the same boat as you. I get emails all the time "PCI Compliance, Immediate action necessary"
    >
    > I always assumed it was just another scam. I delete them all.

    I'm pretty sure it's an organized "legal" scam. Based in real concerns and issues, but like any other thing where people make a system of regulations then make money off helping you understand and comply. The email I received is legit, I believe. Ignoring it seems like an option. I'm just cautious if I'd be leaving myself open to any type of fines or other issues down the road. If there was a better alternative for my situation I'd look into it.

  9. #7
    Join Date
    Jan 2007
    Country
    UNITED STATES
    State/Province
    Pennsylvania
    Posts
    311

    Quote, originally posted by Ox:
    > What is "PCI" all about?
    >
    > ----------------------
    >
    > Think Snow Eh!
    > Ox

    It's like a system of regulations for handling and processing credit card info. Regulations and requirements for computer systems and other stuff. I'm just dealing with a few customers where purchasing agents will pay by credit card to process orders quickly.

  10. #8
    Join Date
    Jan 2014
    Location
    Temecula, Ca
    Posts
    2,519

    I just figured if it was legit, it would be coming from my bank, not some bogus company I've never heard of.

  12. #9
    Join Date
    Aug 2002
    Location
    West Unity, Ohio
    Posts
    24,570

    Quote, originally posted by baran3:
    > It's like a system of regulations for handling and processing credit card info. Regulations and requirements for computer systems and other stuff. I'm just dealing with a few customers where purchasing agents will pay by credit card to process orders quickly.

    OK, so related to you having someone else's info that you may or may not squirrel away somewhere for more desperate times eh?

    IF this is a real issue (and I'm guessing that it's not - as others have said) then for your app, you could use a work-around of just using a service like Paypal.

    For my recoil sales that I dabble in, for a cpl of years I got the customers info and processed it through paypal myself - looking like a "real" supplier.
    But what I have used the last cpl of years is just sending an invoice via paypal to their e-mail address. They pay the bill in whatever way they like.
    (C/C or maybe funds that they may already have in their paypal account, or ???)

    I never see any of their info, so - if this is actually an issue, this would solve that concern.


    Maybe this has gotten some traction lately?
    I have been having a harder and harder time in recent years about getting the sales voice on the other end of the phone to dig that carbon copy out of the trash and use that guy's C/C info for my purchase.
    This may be the issue I'm up against?

    ---------------------

    Think Snow Eh!
    Ox

  14. #10
    Join Date
    Jan 2006
    Location
    Angier, North Carolina
    Posts
    2,469

    PCI is a very big deal in my university setting. I think the acronym stands for "Personal Credit Information" - ?? - but in general the idea covers any sensitive personal information *that you store*. Essentially, you have to show that you are handling and storing personal information securely, such that it won't wind up on the dark web.

    Years ago universities routinely stored social security numbers, for example. Now we only take that number when absolutely necessary, and handle it like gold dust.

    That said, there are certainly companies who are ready to "help" you with PCI compliance ... for a modest fee, of course. May or may not be a complete scam, but certainly not something I would respond to. Much better, if this is a concern for you, to contract with a genuine consultant recommended and vetted by your bank.

  15. #11
    Join Date
    Dec 2013
    Country
    UNITED STATES
    State/Province
    New Hampshire
    Posts
    139

    I have been through PCI compliance testing as a merchant and as a payment processor. (Many years ago now)

    PCI Compliance is a set of security standards implemented by VISA, MC, etc...

    These security requirements are put in place to ensure protection of consumers' personal and financial information.

    If you are PCI compliant and you have a breach of data at your place you will not be held liable.
    If you are NOT PCI compliant and you have a breach of data at your place you could be held liable.

    If you are only accepting CCs through a ZON (Square and/or PayPal Here) you will have a very low level of security to meet.

    If you accept payments online through your website you will have a much higher level of standards to meet.
    It becomes even more sticky if you have a website storing CC information or using non-standard or custom processing methods. If you fall into this category, you may have to hire a company (read this as very expensive) to come out and investigate your software and security practices.

    The scam comes from 100's of companies trying to charge you to ensure you are PCI Compliant.

    Most merchant account companies will have a short questionnaire to see what level of PCI Compliance you need to follow and instructions on how to stay PCI compliant. Last I knew these were all free for normal ZON type merchants.

    Again most of my information comes from 5 - 10 years ago.

  16. #12
    Join Date
    May 2002
    Location
    South Central PA
    Posts
    13,255

    Quote, originally posted by jmanatee:
    > I have been through PCI compliance testing as a merchant and as a payment processor. (Many years ago now)
    >
    > PCI Compliance is a set of security standards implemented by VISA, MC, etc...
    >
    > These security requirements are put in place to ensure protection of consumers' personal and financial information.
    >
    > If you are PCI compliant and you have a breach of data at your place you will not be held liable.
    > If you are NOT PCI compliant and you have a breach of data at your place you could be held liable.
    >
    > If you are only accepting CCs through a ZON (Square and/or PayPal Here) you will have a very low level of security to meet.
    >
    > If you accept payments online through your website you will have a much higher level of standards to meet.
    > It becomes even more sticky if you have a website storing CC information or using non-standard or custom processing methods. If you fall into this category, you may have to hire a company (read this as very expensive) to come out and investigate your software and security practices.
    >
    > The scam comes from 100's of companies trying to charge you to ensure you are PCI Compliant.
    >
    > Most merchant account companies will have a short questionnaire to see what level of PCI Compliance you need to follow and instructions on how to stay PCI compliant. Last I knew these were all free for normal ZON type merchants.
    >
    > Again most of my information comes from 5 - 10 years ago.

    This is my experience. At a low level it's a "check all the boxes correctly" questionnaire to fill out and return digitally, assuring that you are keeping your system secure from easy intrusion and that you are not storing customer card info digitally. My last one was about 20 pages of questions; the merchant provider also told me how to answer it.
    The consequence for not doing the questionnaire was a higher discount rate for transactions, and the possibility of increased liability for an intrusion as mentioned above. Once I figured out I had to pay .2% more without doing PCI, I did PCI. It's a small PITA, and not frequent. I'd ignore anything about it that didn't come from your merchant provider, and contact your provider directly to ask them about what to do.
    T

  17. #13
    Join Date
    Dec 2007
    Location
    Central Ohio USA
    Posts
    3,721

    I've used Square for a number of years. Took CC info exclusively over live voice phone call, never retaining it even though it was mainly repeat customers. If I wrote it down on a scrap of paper, I ate the paper after entering the data. (Shredded it, actually.) No emails, texts, PDFs or entry in other systems except the Square app...

  18. #14
    Join Date
    Nov 2007
    Location
    Hamilton, Ontario
    Posts
    1,088

    I use Square as well, only for remote orders. I use the send an invoice tool on their website. I let my customers know that it will be coming. They follow a link from the email and they key in their card number. I never see the number. Safer all around, I can't be considered as a source of a leaked card number.
    Most of the customers I was having pay with credit card I am having them use etransfers these days. No charge for most of them and I get the money immediately, not a couple days later.

  19. #15
    Join Date
    Apr 2014
    Location
    Dutchess County NY
    Posts
    300

    PCI stands for Payment Card Industry, and the usual standard people talk about is the Data Security Standard (DSS, or PCI-DSS). Google will yield a zillion and three hits, but as others have suggested it's really just a set of credit card security standards to follow. If you follow them and there is a problem, in theory the card company will hold you harmless--and pay you!--rather than holding you responsible and withholding payment. Another set of newer standards is called the EMV (Europay, Mastercard, Visa) standards (which, despite the name, I believe are also used by Amex). Like the PCI standards, the EMV ones are publicly available on the web.

    Work with your bank to see *which* standards to follow and what your responsibilities are if you want the credit card companies to indemnify you; also, ask them if compliance is or will become mandatory to continue to accept credit card payments. Or, take the risk and do what you've been doing as long as your bank continues to process the card payments. But if they stop, catching up will probably be a bit more time consuming than being ahead of the curve so you can take your time implementing whatever it is you might have to do.

    This is not really complicated once you understand the intent, even if the language is sometimes kind of dense--it's feeds and speeds kind of stuff, not microinch tolerance kind of stuff.

    Both sets of standards probably have a much larger effect on software development companies (like the one I retired from) than on merchants who accept credit card payments infrequently, but YMMV.

  20. #16
    Join Date
    Jun 2015
    Country
    UNITED STATES
    State/Province
    Texas
    Posts
    347

    I have to fill out a PCI compliance survey once a year for my merchant account. It's some company that my bank has contracted it out to. Call your bank, it should be through them if they need you to do it. If you are not storing any credit card info, you probably have nothing to worry about.

