• Recently Written

  • Are you a Paypal fan? Read this!
  • Heartbreak over Heartland
  • Gift Cards
  • PCI/DSS Frequestly Asked Questions
  • PCI Compliance Certification
  • Gift Card Program or Shell Game?
  • How do I establish an ecommerce merchant account?
  • How is Chase Paymentech different from its competition?
  • What is Visa Interchange?
  • Visa and MasterCard Rates

• Categories

  • Chase Paymentech
  • e-Commerce
  • Interchange
  • Paypal
  • PCI Compliance
  • Q & A
  • Rates and Fees
    • Gift Card Programs

• Archives

  • September 2009
  • August 2009
  • September 2008

• Blogroll

• Admin

  • Log in
  • Wordpress
  • XHTML

• Search

From the Journal of Accountancy:

“This consumer-merchant trade-off provides plenty of economic justification for retailers to offer and even to promote gift card sales because retailers stand to derive several economic benefits from such sales. Benefits from gift cards can include increased sales, marketing opportunities, improved cash flow and inventory management and a stronger bottom line as the result of unredeemed gift cards. “

My Gift Card programs start at just $299 with just $12.95/month service fee and no transaction fee.  Call 612.229.8808 for more information

What is PCI DSS?
The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of requirements for enhancing payment account data security. These standards were developed by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa, Inc. to facilitate industry-wide adoption of consistent data security measures on a global basis. The standard aims to increase awareness and promote best practices in the handling of sensitive information as a means to minimizing identity theft and fraudulent transactions.

Is PCI DSS new?
No. The framework of the PCI data security standards has existed in different forms for some time now and continues to evolve. You may be more familiar with the payment brands’ programs that promote the adoption of the PCI DSS
• MasterCard: Site Data Protection (SDP) program
o Mastercard.com/sdp
• Visa: Cardholder Information Security Program (CISP)
o Visa.com/cisp
• Discover Network: Discover Information Security & Compliance (DISC)
o Discovernetwork.com/fraudsecurity/disc.html
• American Express: Data Security Operating Policy
o AmericanExpress.com/datasecurity

I only process a few hundred dollars a month. Does my merchant account still need to be PCI compliant?
Yes, all merchants, whether small or large, are required to be PCI compliant. The payment brands have collectively mandated PCI DSS compliance for any and all organizations that process, store or transmit payment cardholder data. Inherent in having a merchant account is the ability to handle cardholder data.

I already use a “PCI compliant” terminal/gateway. Doesn’t that mean I am PCI compliant?
No. Use of a PCI compliant payment application is one aspect of the many PCI DSS requirements, which cover handling of sensitive data. Currently, the PCI DSS lists twelve requirements. These requirements are organized around the following principles:
• Build and maintain a secure network
• Protect cardholder data
• Maintain a vulnerability management program
• Implement strong access control measures
• Regularly monitor and test networks
• Maintain an information security policy

 

Can I choose not to certify for PCI compliance?
If you choose not to complete the self-assessment questionnaire (and applicable network scans) you may overlook certain data security practices that minimize your risk of a security breach. In the event that your business is compromised, you may be subject to substantial fines per payment brand. These fines would be in addition to the expenses and fraudulent transactions resulting from the breach.
In light of the importance that data security has to the payment processing industry and consumers at large, we, as your service provider, may also begin imposing a fee for each month that your account has not been validated as PCI compliant or in any given month your account is deemed non-compliant. Failure to validate compliance may result in the termination of your merchant account.

Please contact Fred Erickson at fred@merchantaccountstandard.com for answers to other questions you may have.

Higher Standards has choosen Security Matrics as its vendor of choice to perform PCI Compliance Certification for our clients.  Please follow this link to learn why.  securitymetrics Ranks #754 on New Inc. 5000 List; Growth Fueled by …

A competitor in the Minneapolis market is presenting a basic Valutec Gift Card  program for around $2976.00.  The program is bundled with a credit card terminal and very low credit card processing rates.  Here’s the catch; the gift card program is a <$700 product and the credit card terminal is <$375 for a value of about $1100.  The bundle is put on a 48 month, non cancelable lease against the terminal with payments of $60 to $69 per month.  Do the math.  In addition the lease has a $30 per year insurance charge for another $120.  Don’t be suckered in to this deal call me at 612.229.8808 and we can have have a joint meeting with the representitive of this company and I’ll help you ask the right questions.  I’ve had two meetings already.  Remember:  NEVER SIGN A MINIMUM TERM CONTRACT WITH A CREDIT CARD PROCESSOR AND ABSOLUTELY NEVER AGREE TO PAY A TERMINATION PENALTY IF YOU CHOOSE TO GO ELSEWHERE.