Credit Card PCI compliance

Bed & Breakfast / Short Term Rental Host Forum


Tom

Our merchant service provider requires us to go through a rather tedious PCI compliance procedure. I gather this is universal, and world-wide. The questionnaire for compliance asks stuff that is way beyond what I think applies to a simple terminal connected to the internet. Scan failed and had to be corrected manually. Took 2 hours in all.
Your experiences?
 
I use Sq-ua re so no longer have that. Used to - but printed it and mailed so blanks did not trigger error messages.
 
Yes, Authorize dot net has a lengthy questionnaire you have to complete online each year. They don't seem to care much about the answers. Just that you make it to the end. Mainly it seems it's all designed to be sure any blame is on the end user, not Authorize dot net.
 
Another reason I love Tom Weiskotten for my go-between with my processor. He must do it for his clients, because I've not had to do one yet (although I know it's required).
 
Hmmm…never had to fill anything out in 9 years with Wells Fargo terminal…the last two years been on Square and love it! Never have to worry about it.
 
No PCI compliance once you are Chip & PIN.
Jon Sable said:
No PCI compliance once you are Chip & PIN.
I don't get that since my own PCI quizzing (from Authorize) is about how I take online payments, if I store the card data locally, etc. Not one bit of it has to do with transactions that would read a chip.
 
No PCI compliance once you are Chip & PIN.
Jon Sable said:
No PCI compliance once you are Chip & PIN.
I don't get that since my own PCI quizzing (from Authorize) is about how I take online payments, if I store the card data locally, etc. Not one bit of it has to do with transactions that would read a chip.
.
I don't use authorize and take deposits online. Almost all my transactions are CIH. In fact, I use square for prepayments, so they have the compliance issues. But when I switched, I never had to fill out that PCI compliance thing ever again.
 
No PCI compliance once you are Chip & PIN.
Jon Sable said:
No PCI compliance once you are Chip & PIN.
I don't get that since my own PCI quizzing (from Authorize) is about how I take online payments, if I store the card data locally, etc. Not one bit of it has to do with transactions that would read a chip.
.
Don't know, but I have never had to do it and it's listed as not required when you are EMV. Maybe because on EMV transactions, the card isn't locally stored? Or it's not supposed to be.
Remember when you make a purchase at the store and they swipe your card in the cash register? Doesn't happen here anymore. You never hand over your card. You put the card in the stand-alone terminal.
It's one of the store's biggest complaints, they can't track you by your CC number... they don't get your card number.
 
No PCI compliance once you are Chip & PIN.
Jon Sable said:
No PCI compliance once you are Chip & PIN.
I don't get that since my own PCI quizzing (from Authorize) is about how I take online payments, if I store the card data locally, etc. Not one bit of it has to do with transactions that would read a chip.
.
I don't use authorize and take deposits online. Almost all my transactions are CIH. In fact, I use square for prepayments, so they have the compliance issues. But when I switched, I never had to fill out that PCI compliance thing ever again.
.
Jon Sable said:
I don't use authorize and take deposits online.
Well there's your difference. I ONLY authorize and take deposits online! Have only touched 2 guests' credit cards in my nearly 3 years in business, and that was a long time ago. Different business models.
 
I had to do that questionnaire last year and it's painful! A lot of those questions I didn't even understand and I'm more computer savvy than the average bear. I agree that most of it didn't apply to our little operation - hand-keying data over the phone line. They made it sound like we were Amaz on or Tar-jay. I do think our system should be more secure, so I told the owner he had to answer the questionnaire himself this year. I'm surprised he never commented on it afterwards. It's probably one of those painful memories that he's subconsciously erased.
 
No PCI compliance once you are Chip & PIN.
Jon Sable said:
No PCI compliance once you are Chip & PIN.
I don't get that since my own PCI quizzing (from Authorize) is about how I take online payments, if I store the card data locally, etc. Not one bit of it has to do with transactions that would read a chip.
.
I don't use authorize and take deposits online. Almost all my transactions are CIH. In fact, I use square for prepayments, so they have the compliance issues. But when I switched, I never had to fill out that PCI compliance thing ever again.
.
Jon Sable said:
I don't use authorize and take deposits online.
Well there's your difference. I ONLY authorize and take deposits online! Have only touched 2 guests' credit cards in my nearly 3 years in business, and that was a long time ago. Different business models.
.
Now that it's EMV, anything that doesn't have the actual card presented can be challenged for chargeback. Plus they take an extra .5% for CNP transactions.
 
In my experience with my previous machine supplier this process was made as horrible and complicated as possible through badly designed web pages to make it as difficult as possible to complete compliance. The result, you get charged £17/month fees for not completing.
My new supplier is far easier. I do agree though that much of it is not applicable to a business of my size.
 
No PCI compliance once you are Chip & PIN.
PCI Compliance, and the associated fines, are at the discretion of each bank/processor. Chip and Pin gets you out of the questionnaire but you are always liable for all bank losses if your business systems are used for theft.
It is all documented here in the PCI National Standard Library
https://www.pcisecuritystandards.org/security_standards/documents.php?document=pci_dss_v2-0#pci_dss_v2-0
 