Sunday, November 30, 2008

Customer Information Management

Storing sensitive credit card customer information used to be taken lightly; not any more. PCI, the Payment Card Industry, regulates the storage of this sensitive information. This means that if you accept credit cards, you and your processor need to be PCI compliant. Since PCI compliance for storage of cardholder data is usually out of reach for most merchants, how can you rebill a return customer without asking for payment information and without violating PCI rules?

Customer Management
The simple way to comply with PCI and still be able to rebill your customers is to use a PCI-approved third party to store the credit card information. It's a relatively new concept, but most processors are starting to offer this service. Here's how it works: the credit card payment information is passed securely to the payment processor, and the payment processor issues a customer ID. The next time you need to bill that customer, you just send the customer ID.

PCI Compliance
As the Payment Card Industry starts enforcing these rules on the merchant, having the customer data stored elsewhere is going to gain popularity. This method ensures you are in compliance with the Payment Card Industry's rules because you are not storing the credit card number of the customer. All that needs to be stored is the customer ID.
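The flow described above, as an added example that is not part of the original post and is not any real processor's API: `ProcessorVault`, `MerchantDB` and the `cust_` ID format are hypothetical stand-ins. The merchant side keeps only the customer ID and refuses any value that looks like a card number.

```python
import re
import secrets
import string

def luhn_ok(digits: str) -> bool:
    """Luhn checksum that payment card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

# 13-19 digits, optionally separated by spaces or dashes
PAN_RUN = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def contains_pan(text: str) -> bool:
    """True if text holds a card-length digit run that passes Luhn."""
    return any(luhn_ok(re.sub(r"[ -]", "", m.group()))
               for m in PAN_RUN.finditer(text))

class ProcessorVault:
    """Hypothetical stand-in for the processor's PCI-approved card storage."""
    def __init__(self):
        self._cards = {}                    # exists only on the processor side

    def store_card(self, pan: str, expiry: str) -> str:
        if not (pan.isdigit() and luhn_ok(pan)):
            raise ValueError("invalid card number")
        # Random letters only: not derived from the card, never card-shaped.
        cid = "cust_" + "".join(secrets.choice(string.ascii_lowercase) for _ in range(16))
        self._cards[cid] = (pan, expiry)
        return cid

    def charge(self, customer_id: str, amount_cents: int) -> dict:
        if customer_id not in self._cards:
            raise KeyError("unknown customer ID")
        return {"customer_id": customer_id, "amount_cents": amount_cents, "approved": True}

class MerchantDB:
    """Merchant-side records: customer ID only, card-like values are refused."""
    def __init__(self):
        self.rows = {}

    def save(self, email: str, customer_id: str) -> None:
        if contains_pan(email) or contains_pan(customer_id):
            raise ValueError("refusing to store what looks like a card number")
        self.rows[email] = customer_id
```

The same `contains_pan` check can be run over log lines or database exports to confirm that no card number has leaked into merchant-side storage.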

Friday, November 28, 2008

How Can I Save Money on Payment Processing?

A good question. The cost of payment processing seems to be something most businesses just accept. While it's true there is some flexibility from vendor to vendor, there is one way to save a ton of money on your payment processing: start accepting checks or ACH payments.

Credit card transaction fees include a monthly fee, a per-transaction fee, and usually a percentage of the transaction. When you take a check, you don't have to pay the percentage-of-the-transaction fee. Why? MasterCard and Visa interchange fees are passed on to you, the merchant.

It gets worse if you don't have a merchant account. If you use a company like 2Checkout or PayPal, your per-transaction fees will eat up most of your profits. If you're serious about business, please get a merchant account!

The best way to save money is to get a merchant account and accept ACH transactions (checks). All that is needed from the customer is a transit routing number and an account number. These are clearly printed on all checks.

Here is a very simple example for a $5,000 transaction.

Credit card
  $125 (2.5% of the transaction)
  $0.30 per transaction
  $125.30 fee total

Check (ACH)
  $0.30 per transaction
  $0.30 fee total

Start taking checks today. It's as easy as taking a credit card, and the savings are tremendous.

Tuesday, November 11, 2008

Visa Sets Global PCI DSS Deadlines

If you store cardholder data, this affects you. Please read this press release from Visa.

"Visa Inc. (NYSE: V) today announced global mandates for compliance with the Payment Card Industry Data Security Standard (PCI DSS), creating a consistent framework for compliance among merchants, service providers and their agents.

The enhancements include a global set of requirements for merchants to validate their compliance with PCI DSS; and for the largest merchants, dates by which they must achieve validation. Deadlines are also set for large and mid-level merchants to demonstrate that they are not storing certain types of sensitive card data. Service provider levels and PCI DSS validation requirements have likewise been aligned under a global standard and compliance timeline. Compliance with PCI DSS will help protect businesses from financial and reputational harm that often results from cardholder data compromises. Visa data security compliance programs have provided compelling incentives for merchants and agents to properly secure cardholder data.
The new framework establishes the minimum requirements for Visa Inc. regions. As an independent company and licensee of Visa International for the business operations in European markets, Visa Europe's PCI DSS framework requires compliance validation and risk mitigation for Level 1 merchants; however the region will be adhering to a different timeline and process for executing compliance validation.
"Compliance with PCI DSS is vital to ensuring the integrity of the global payments system," said Eduardo Perez, head of global data security, Visa Inc. "Aligning compliance programs across the Visa regions is the latest step in our commitment to safeguarding cardholder data."
Alignment of Merchant Levels and PCI DSS Validation Requirements
A comprehensive set of international security requirements for safeguarding cardholder data, PCI DSS was developed by Visa along with the four other founding payment brands of the PCI Security Standards Council. Compliance is required of all merchants and any entity that stores, processes or transmits cardholder data."
