Accept Credit Cards? Read Up
In 2006, the major credit card brands (American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc.) joined forces to form the PCI Security Standards Council. The council educates and creates security recommendations for merchants, software developers, service providers and anyone involved in the processing of credit cards. The goal – to ensure better protection and security for credit card holders. They began working with merchants who process a high volume of transactions, and now they are focusing on what the industry terms level 4 merchants, which means anyone processing between 1 and 20,000 credit card transactions a year. Apparently, the major cards are going to start revoking certification for merchants considered vulnerable (or non-compliant) beginning Oct 1st, 2009.
If you have a merchant account and process even one credit card transaction – that could mean you.
What should you do? That is the big question, and it all depends on what and how you process credit cards. In my research, I’ve found the answers may not always be clear for Internet Marketers, who usually choose a third-party shopping cart and PayPal, so I hope to simplify it for you here.
If you use your merchant account with a third-party shopping cart like 1ShoppingCart and you do not save or store credit card information on your own web site, anywhere online or offline:
You’re in luck. You have the least to do. You should complete the self-assessment questionnaire (SAQ). Chances are, you do not need to do PCI compliance scanning of your web site, but you should confirm this with your merchant account provider, or with your bank if you obtained your merchant account via your bank.
If you use your merchant account with your own shopping cart but do not store credit card data – meaning that for the actual entering and processing of the card, people are taken to, for example, Authorize.net:
You too have to complete the SAQ and check with your merchant account provider to see if you need to do a quarterly scan on your web site.
If you use your merchant account through your shopping cart and also store and process the payment on your site – note, if you accept credit cards via aMember, chances are this is you because aMember does store data on your web site:
Then, you will in all likelihood need to do both scanning and the questionnaire.
If you use PayPal:
As we understand it, you probably won’t need to do anything IF you use Website Payments Standard. If you use other PayPal products like Website Payments Pro, Payflow Pro, or Virtual Terminal, then you may have to do either the questionnaire or both. Either way, please check with PayPal.
If you use Clickbank:
Please check with Clickbank because I don’t seem to be able to locate this information on their web site.
If you use 2Checkout:
You only need to complete the SAQ. For a more complete answer straight from the horse’s mouth, please see 2CO’s blog post.
Even after all my research, I’m still getting mixed signals and a little confused at times. Do not rely on this blog post only as the bible truth. Your best resource is always your own merchant account provider.
This compliance situation is one reason why I was happy to end my merchant terminal lease in favor of two alternative credit card solutions that do not require my computer to be scanned.
All of us understand how vital security issues have become, but PCI is simply confusing, especially for independent business owners.
Hey Shirley, I agree. It is very confusing and fraught with a lot of industry jargon.
The book suggestion isn't available any longer (or maybe it's just not available in my area)…do you know where we can get further information on it? I was going to look it up and see if it was something I need to pass on to my B&M customers.
Shirley – what are your two alternative credit card solutions? I'd like to avoid a merchant account, but have been considering 1shoppingcart.
Hey Vonalda, hopefully Shirley will reply to you soon. However, as per my post, you could use 2Checkout if it's available to you. Also, check with Clickbank. Clickbank is a whole lot like 2CO, so I imagine you won't need to do anything with them either.
Oooh sorry about that. They pulled it. Unfortunately I don't get notified when they do that 🙁 I believe you can still request it directly from Qualys.com