PCI & PA-DSS Compliance: What It Means for Your Business
July 1, 2010. That’s the the date when all payment processing applications are required to be PA-DSS validated. Who should care? Well, if you sell point-of-sale (POS) systems with payment processing functions or, if you accept credit, PIN-debit and other electronic card payments, then you should. You can visit the PCI Security Standards Council (PCI SSC) website to learn about the requirements and certification process, but here are a few reasons why it’s important to your business.
First, if your payment processing system is not PA-DSS validated/PCI compliant, you can no longer process card payments. Yes, that’s correct. According to the PCI SSC guidelines, you are prohibited from using payment processing systems that are not PA-DSS certified, and if you continue to use a non-validated payment application, your business could be shut down. Is there a compliance policeman knocking down your door on July 1st? Probably not, but that doesn’t preclude you from being audited.
Second, if your network is breached and cardholder data is stolen, you could be held liable for the occurrence. This could cost you thousands of dollars, not to mention an impact on your brand/business and customer loyalty.
Third, you may find yourself on a waiting list if you delay your compliance audit. This could impact your business. If you’re a Level 4 merchant, you’ll need to complete the PCI SSC’s self-assessment questionnaire and quarterly scans by a Qualified Security Assessor (QSA). If your solution is already PCI compliant, that questionnaire may be considerably shorter. If you’re a POS developer, your payment applications require you to complete a more robust audit process that could cost several thousand dollars, in addition to making software updates/changes that may be necessary to achieve compliance.
So start planning your compliance strategy today. If you’re a Level 4 merchant, check with your POS provider or VAR to be sure your existing solution is PCI Compliant and ask for recommendations for a QSA. If you are a POS developer or VAR, discuss PA-DSS options with your payment processing vendor. You can minimize the costs and headaches associated with PA-DSS compliance if you integrate or use a PA-DSS certified solution. Merchant Warehouse offers a complete suite of PA-DSS validated solutions that minimize compliance. Check the PCI SCC website for a list of PA-DSS certified solutions and certified QSAs.
Payment Processing Solutions for SMBs
Every small- to medium-sized business needs either a basic method of accepting credit, PIN-debit and check payments or a feature-rich, integrated POS system. In these economically uncertain times, be sure your payment processing solution addresses the following SMB concerns: benefits, productivity, revenue, security and innovation before you make that call.
Benefits - Merchants need to fully understand why your processing solution is better and what they receive by using it. Do they have the most competitive pricing on merchant accounts; is there a special technology that improves their bottom line?
Productivity - All things being equal, how quickly and easily does a merchant see an increase in productivity or efficiency using your solution? Do your back-office management and reporting tools readily address this issue?
Revenue - Every business has money on their mind. How does your payment solution help develop and grow revenues? If you offer innovative technology or valuable add-on options, be sure your customer understands how it grows the bottom line. Gift and loyalty cards come to mind as an easy way to increase revenue per transactions and grow customer loyalty.
Security - With PCI Compliance requirements just around the corner, does a new payment processing system help minimize the compliance headaches and ensure card data security? How does end-to-end data encryption technology make a difference?
Innovation - New technology is great if it improves the current business’ situation, but if it adds little value and has a low ROI, it’s a hard sell. Before asking your customer to invest in new technology or upgrade their processing systems, be sure you understand their pain points and how new technology addresses them. Will lowering processing costs make a big difference for a customer or will accepting payments in real-time save money?
All businesses need cost-effective payment processing solutions. When pitching yours, make sure your solution answers these five critical business concerns.
Security Technologies for PCI Compliance
During its review of the current PCI compliance regulations, the PCI Security Standards Council will begin considering new card data security technologies that help merchants protect sensitive cardholder information. Although no revisions to PCI DSS are expected in 2010, Mark Lobel, principal at PricewaterhouseCoopers, suggests there will be a strong push for end-to-end data encryption, tokenization, magnetic-stripe imaging and virtual terminals (payment gateways).
Fortunately, Merchant Warehouse combines all of these features in its MerchantWARE® SECR™ (Secure Encrypted Card Reader) solution to help its merchants achieve PCI compliance and better protect consumer card data. If MerchantWARE SECR’s features are deemed adequate for securing payment data, wouldn’t it be worth it for every business to use this solution in their store?
Avoid Card Processing Fees
Over the past 10 years, the credit card processing industry has seen a steady increase in Interchange fees – as much as 300% since 2001 – and it’s merchants who are left paying the hefty tab.
While the U.S. government is still debating its role to intervene and regulate these non-negotiable, industry-controlled business expenses, and organizations in support of an Interchange fee reform are still collecting petition signatures, frustrated merchants are making the effort to manage these costs on their own. According to the Boston Globe, some businesses are beginning to offer their customers discounts for purchases made with cash to deter card usage and offset the high costs of card fees, while others have gone so far as to forfeit their ability to accept credit cards at the risk of losing a sale and/or customer.
With all of this commotion surrounding Interchange fees, it seems paradoxical that Merchant Warehouse’s patent-pending BINsmart™ solution is not more widely adopted by retail merchants and point-of-sale vendors. With BINsmart, merchants can accept credit and debit card payments while relying on the customized BIN-recognition with PIN-steering technology to assess each transaction and uncover potential savings on card processing fees. Would you use BINsmart to help your business save on Interchange rates? Let us know by commenting below.
MerchantWARE Mobile for BlackBerry reviewed on CrackBerry.com
The new MerchanWARE Mobile application continues to impress the BlackBerry community, and we are very exited about the glowing review the application received on CrackBerry.com yesterday. CrackBerry.com is one of the leading and most trusted sites for BlackBerry users, and they could not have been more pleased with the new application and the compatible wireless Bluetooth card reader.
“I am a huge fan of this whole system as it is extremely easy to use and offers amazing features. How cool is it to know you can just carry the card reader in your pocket with your device, and you can accept credit cards anywhere?”
Adam Zeis – CrackBerry.com
Read the whole review on CrackBerry.com
MerchantWARE Mobile BlackBerry reviewed on BlackBerrySites.com
BlackBerry Sites, a leading information source for BlackBerry users, took a closer look at our new MerchantWARE Mobile application for BlackBerry devices yesterday. BlackBerry Sites liked what they saw, really appreciated the flexibility and ease of use, and had the following to say:
“Do not be surprised if you see MerchantWARE Mobile being a “Must Have” application in the Business environment soon.”
BlackBerrySites.com
Read the whole review on BlackBerrySites.com
MerchantWARE Mobile:
Businesses “On the Go” can increase sales with iPhoneTM and iPod® Touch
Merchant Warehouse’s free Point of Sale application runs credit card transactions
on Apple mobile devices
BOSTON, MA – March31, 2009 - Merchant Warehouse, a premier provider of merchant accounts and credit card processing solutions, today announced its first mobile application for the Apple (NASDAQ: AAPL) iPhoneTM and iPod® Touch, now available on iTunes and at the Apple App Store.
MerchantWARE Mobile is a point of sale application that allows merchants to run credit and debit transactions in real time. A merchant only needs to install the application on their device, and have a merchant account and a connection to WiFi, Edge or a 3G network. Unlike competitive solutions, MerchantWARE Mobile is free, has no gateway fees, and does not require an expensive third party license. The solution is ideal for the mobile workforce where convenience and low costs are a necessity.
“We’re always looking to be one step ahead of our customer’s needs. We saw an opportunity to help smaller mobile merchants who want the security and functionality to process transactions without having to invest in expensive, dedicated wireless terminals,” said Henry Helgeson, president and co-CEO of Merchant Warehouse. “We believe MerchantWARE mobile will provide these merchants with the tools they need to help grow their businesses.”
In the past, mobile workers such as contractors, insurance agents or tradeshow vendors would accept payments by check, cash or handwrite the credit card information and then later process the card back in their office. These payment options are time consuming, un-secure, and expose merchants to the risk of bad checks and declined credit cards. MerchantWARE Mobile addresses these concerns with secure and immediate processing of transactions – saving merchants valuable time and money.
“MerchantWARE Mobile for the iPhone and iPod touch is the tip of the iceberg for innovative mobile applications from Merchant Warehouse,” said Helgeson. “Over the next few months we will be addressing the need for mobile applications that will assist merchants who may be utilizing other wireless devices powered by Blackberry, Windows Mobile and others.”
With security breaches being a top concern for merchants and consumers, MerchantWARE Mobile eliminates worry as all customer information is encrypted and sent over a secure SSL connection. Additionally, all data is stored on Merchant Warehouse’s secure servers, not the merchant’s mobile device.
MerchantWARE Mobile features include:
- Easy to run secure credit card transaction, including sales, refunds and voids;
- Encrypted and secure SSL connections for safely transmitting customer information;
- Reporting capabilities including, transaction summaries, totals by card type and date and transaction details;
- Automatic end of day batch processing to avoid hassles and downgraded transactions;
- Access to the MerchantWARE Virtual Terminal enabling users to process transactions through the same merchant account from any web connected computer.
More information on MerchantWARE Mobile is available at; http://merchantwarehouse.com/credit_card_software/merchantware_mobile.
iPhone and iPod Touch are trademarks or registered trademarks of Apple, Inc.
About Merchant Warehouse
Merchant Warehouse was founded in 1998 on the principle that businesses should be able to purchase credit card processing software, POS equipment and merchant services at a reasonable price. With over 55,000 merchants, Merchant Warehouse now sets the standard for price, innovation, customer service and integrity. For more information, please visit www.MerchantWarehouse.com.
###
Contacts:
Brian Waldman, Vice President of Marketing and Strategy
Merchant Warehouse
800.941.6557 x2050
bwaldman@merchantwarehouse.com
Credit Card Machines and Connectivity
In my last blog, I discussed how different terminals were capable of performing different functions, or processing different types of transactions. This time, I will be discussing another factor which separates terminals apart from each other: connectivity. During a transaction, the credit card terminal will connect to the processor and then within seconds, a result response will come back to the terminal. Though this is a simplified description of the process, it should make clear that the terminal must be connected to some sort of telecommunications network in order to work at all. There are many different types of terminals out there, but they can all be separated into three categories based on how they connect to your Merchant Account processor.
Dial-up, phone line based terminals: This is your basic terminal which you’ll find in a majority of small to medium sized businesses. If you do some research, you’ll find that these are overall the least costly machines and the ones that have been around the longest. In order to use this type of equipment, you’re business will need a dedicated, analog phone line. By analog, I mean a regular landline, not digital or Voice Over IP.. By dedicated, I mean that it shouldn’t be a phone line which is part of a greater office phone system, such as a PBX or IP-PBX System. Though your office can use one of these, you should speak to your phone people about getting a dedicated phone line which is separate from your system. Many times, a merchant will already have a fax machine which runs off of a dedicated line. One good thing to note is that almost all dial-up credit card terminals come with an extra phone port so that they can share the phone line with a fax machine or a single phone. The one problem here is that you wouldn’t be able to use your credit card machine and your phone or fax machine at the same time. The next type of terminal connectivity eliminates this problem
IP-based terminals: These terminals work off of your broadband internet connection, and they are great for merchants who use Vonage or other Voice Over IP solutions. Basically, you’d attach your terminal to a Cable Modem, DSL Modem, or into your IP Router in order for the terminal to process transactions. Two great advantages to IP terminals is that they process transactions faster and that they allow you to process transactions and leave phone lines open, allowing you to conduct business without having to wait to free up a line or receive phone calls without worrying about disrupting your credit card terminal. There are also two disadvantages: Firstly, these terminals are usually more expensive than dial-up terminals. Secondly, if you’re experiencing problems with your IP-terminal and need to perform a download to correct programming problems, you may need an analog phone line. Though your terminal will work over IP for authing credit cards, there’s a great chance your processor won’t have the ability to have your terminal pick up your merchant information over IP. It’s been my experience that many merchants who use the internet or VoIP for their phone service won’t have a backup analog phone lines for situations like this. I’d advise you to invest in a phone line for this very reason. It can prevent downtime your business would experience from your Internet Connection or VoIP connection being down.
Wireless terminals: No in-depth explanation necessary. Just like a cell phone, these credit card terminals access a cellular network such as GPRS or CDMA to send info to the credit card processor. Although these are usually the most expensive of the three connectivity types, they are definitely worth it for merchants who process a volume of credit card transactions at trade show sales events or in on-site situations like a plumber or carpenter who comes to your house to make improvements. With this terminal, you will have the piece of mind knowing whether or not a customer’s card will go through at the actual point of sale instead of writing down their information and bringing it back to your office to be keyed in. Not only will it give you piece of mind, but swiped credit card accounts generally get lower rates than those of a MOTO or Keyed Face to Face merchant account would so it may end up saving you money in the long run.
If you are interested in finding out more about which terminal you should use with your existing telephony setup or about how you could benefit from a wireless terminal, call up Merchant Warehouse and let one of our account representatives help you figure out what type of terminal would work best for you. We will definitely have the solution to your credit card terminal needs.
Joseph Fitzgibbons – Senior Support Specialist
Credit Card Machines and Functionality
Not every terminal is built the same. Different terminals have different features and perform different sets of functions. The same goes for merchants; not every merchant is the same and not all require the same functions from their credit card terminals. If you are looking to purchase the POS equipment that best fits your business, you will first need to know how you’ll be conducting business. In addition, you’ll need to know which kinds of payments you’re looking to accept. Determining what you actually need, instead of having someone telling you what you should buy, can keep you from spending unnecessarily.
First, how will you be conducting business? Are you generally going to see the customers or do you do business via the Internet or telephone? If business is done face to face and payments are accepted directly at the point-of-sale, you’ll probably want to purchase a credit card machine. However, MOTO or Internet merchants may want to consider an Internet Gateway, which integrate with a website’s shopping cart, or with a Virtual Terminal such as MerchantWare. One advantage to using an Internet Gateway, Virtual terminal, or both, is that these can be used on a computer with a broadband internet connection. If you already have this in place, all you have to buy is the software or a license. Not having to invest in new hardware will save you both money and work-space.
Secondly, for regular Retail merchants, do you have customer demand for more secure, PIN-based transactions? If so, you might want to get a POS terminal with an internal PIN-pad (no additional hardware to purchase, besides the terminal itself), or one that is compatible with an external PIN-pad. If you have a compatible terminal, I would recommend that you get an external PIN pad. With the external option, the PIN-pad is usually already facing the customer so there wouldn’t be a need for you to hand over the entire credit card terminal for the customer to use. This also means that your credit card terminal is more secure and there is less of a chance of the terminal falling into the wrong hands, literally. Using a customer-facing, external PIN pad should also cut down on transaction time.
Credit and Debit transactions aren’t the only electronic payments you can accept as a merchant. Gift Cards could be a great way to strengthen customer loyalty, beef up your customer retention, and broaden your customer base. If you are considering taking these cards, you will need to either make sure that your existing POS solution can work with your Gift Card service provider, or purchase a new solution which will.
However, like I first mentioned, not all terminals are the same and different merchants will require different functions out of their terminals. If you want to learn more about how to accept Gift Cards, Debit, or even simply credit card transactions and want to know what POS solution will best suit your needs, give a call to Merchant Warehouse and allow one of our friendly and knowledgeable Account Representatives to assist you. They can help you figure out what kind of merchant account you will need and what POS Solution will best fit your business. Check back for my next blog which will discuss POS Solution connectivity.
Joseph Fitzgibbons – Senior Support Specialist
The right stuff – Get the credit card machine that’s best for your business
Working in the merchant services industry with the Technical Department of Merchant Warehouse for the last 4 years has put me in steady contact with merchants and their POS solutions. Over that time, I’ve worked with and helped out countless merchants who were experiencing difficulties with their credit card machines and equipment. Many times, merchants will experience technical difficulties that are caused not by defective credit card equipment itself but by buying the wrong equipment in the first place; there are many problems that can be avoided by buying the right solution the first time.
There are many types of credit card terminals out there and many times a particular terminal may not be the right stuff for a merchant and their business. Finding the correct POS solution isn’t very hard, as long as the merchant knows what they need to be looking for. I’d like to impart some advice, some general guidelines to search by for the merchants out there who believe it is upgrade time or just need to replace an existing solution.
I’ve been around the POS block long enough for it to become clear to me that there are three important things to be looking for when purchasing POS equipment. I’ve never been in the merchant’s situation of needing to find the best solution for my business, but if I was and had thought about what kind of functionality I needed to get out of my POS equipment, how I would fit this technology into my current business environment in terms of connectivity, and where I could find the best deal on this POS equipment, I would be ahead of the game and would probably be setting myself up for smooth sailing when it comes to accepting all sorts of electronic payments.
To explain a tiny bit more what it is the merchant should consider heavily, they should know
A) The types of payments they want to accept be they Credit, Debit, Gift Cards, or Checks;
B) What kind of telephone or Internet services they have (usually both nowadays, but sometimes there is neither!) which the POS equipment would work on so that transactions can take place; and lastly
C) Where to find the best prices for these solutions.
This does not really paint the entire picture of the landscape a merchant must take a good look at and think on. It’s only exposing the outlines which need to be filled in with accurate information in order for a merchant to make sense out the whole thing and to come up with the best POS equipment for their business. In forthcoming blogs, I will be explaining this further and hopefully helping merchants choose wisely and make informed decisions concerning the technology they’ll use to accept electronic. This should make business for the merchant much easier and hopefully even much more successful in the long term. Stay logged on!
Joseph Fitzgibbons – Senior Support Specialist