
PCI Compliance

Mosh

New Member
What is this? Do I need it or is this some crap trick? I know this was mentioned in another thread, but these PCI people have even called me when I did not fill out the online forms. I did this blindly for 5-6 years but now wonder...
 

SightLine

║▌║█║▌│║▌║▌█
Basically it is certifying that any CC stuff you do is secure, and that you neither keep nor store any card numbers, etc. If you do ecommerce there are additional questions regarding how your site processes the cards etc. I do not think you have to mess with PCI compliance if you use only PayPal and possibly Quickbooks card processing.

I just do a quick 5 minute thing on the web each year to recertify. If we don't do it our rate will jump by a couple of points. Have to do it every year to keep the processing rates down.

Easiest is just to tell them that you only accept cards in person on a machine connected to a phone line. That pretty much stops the questionnaire on one page. If you tell it you take cards over the phone or if you enter cards into a computer (processing through a merchant's site or ecommerce) in any way then you get hit with a lot more questions about dealing with the customers' card numbers.
 

jayhawksigns

New Member
You don't have to worry about PCI stuff with PayPal Here and probably the other similar CC systems. That's one of the reasons that we dropped our previous processor.
 

spudstr

New Member
> You don't have to worry about PCI stuff with PayPal Here and probably the other similar CC systems. That's one of the reasons that we dropped our previous processor.

Depends, if you use PayPal links then no, if you use PayPal's Payflow API then yes you do.

PCI also deals with in store credit card handling as well, not just over the net credit card transactions.
 

binki

New Member
If you ignore the PCI compliance then you will be charged an extra fee for being high risk. We were doing our transactions over ethernet through our internet hosting supplier but the compliance got so complex we could no longer pass.

We switched to phone lines and it is much simpler now.
 

spudstr

New Member
> If you ignore the PCI compliance then you will be charged an extra fee for being high risk. We were doing our transactions over ethernet through our internet hosting supplier but the compliance got so complex we could no longer pass.
>
> We switched to phone lines and it is much simpler now.

What kills me is that it's easier to tap a phone line and intercept the call and data than it is over the net.
 

binki

New Member
The current machines are supposed to encrypt the info over the phone lines. It used to be they transmitted in the clear.

For us the internet connection compliance was over the top. Dozens of questions about our IT department, Security department, etc. We are a small shop and don't have all of those resources. While the phone line is a PITA it is better than that compliance BS.
 

Ditchmiester

New Member
I just went through this for our web store and our manual Internet transactions and talk about a pain in the ***. It involved first a 120 question questionnaire that took about an hour to complete and then a second follow up phone call that was another 30-45 min. It was a lot and now we are compliant for 2013. If I have to do that every year it will get old very quick.
 

SightLine

║▌║█║▌│║▌║▌█
If you process cards over the internet via a web site, or a terminal connected via network, then you have to do the stupidly long one every year.... We also just use a regular terminal connected to a phone line for the same reason. As soon as you start the questionnaire you tell it no internet and phone line only, and the questions stop very fast and you are set.
 

binki

New Member
We use FirstData and if you are set up for internet transactions that is the only compliance process you get a choice of. It was really brutal. Every 3 months they ran a check on our site and it got more involved every quarter. We went from in compliance to not in compliance without any changes.
 