Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

IridiumCorp

Members
  • Content count

    5
  • Joined

  • Last visited

Profile Information

  • Real Name
    Sean Brietsche
  1. IridiumCorp

    How to accept Credit Cards without PayPal or Payment Gateway

    There seems to be some confusion about PCI compliance and card details storage so I shall clarify. Being a payment gateway you can take this as the definitive answer. A card merchant is any merchant who uses any device, be it instore, online, or over the phone. Every merchant who receives, transmits, or stores or all of the before mentioned MUST be PCI compliant. PCI compliance is a set of rules that governs how a merchant handles card details and if any merchant who takes card, regardless of the medium, has a security breach ( ie you have been having details emailed to you from you website and your computer gets stolen and the thief sells on the card details ) you are liable to be fined as a merchant - bank - whatever for each card record stolen. So you can trade without being PCI compliant but if you get caught out you could face fines, being card scheme black listed, being personally black listed or all. Clevelandweb, Transactions originating over the web MUST be flagged as internet transactions. There is no other way to do it than through a gateway. If you take your card details from a website and process them manually through your terminal these are the following violations you are carrying out. 1. In proper transaction flagging. 2. Numerous PCI violations. 3. In proper MCC coding. 4. 3D Secure avoidance 5. Processing a card holder present transaction without giving a receipt at the point of transaction. There are more but you get the point. Anyone of these is serious enough to have your merchant account yanked by the bank if they find out. Now if you have a terminal you already have a merchant account. Getting that extended to take internet payments is as easy as a phone call. If your acquiring bank tries to charge you setup fees tell them no. I can set you up an IMA for nothing if they persist. Once you have an IMA register it with a gateway. Tie your website into the gateway. Get yourself PCI compliant. Its easy and can be done in a couple of hours if you use a service like : Scan Alert Its 149 USD per year and is an invaluable exercise to go through. It makes sure you are trading safe. It makes sure if something goes wrong that you are protected from card scheme retribution. Hope that clears this up once and for all. IRC
×