pci compliance charges from merchant services

stcstc · 21-05-2011 3:07pm #1

I have been trying to sort out a credit card machine for my office

i have had quotes etc

one of the quotes has pci compliance charges and a monthly charge if not compliant

but i have been told most people dont pay it,

i have never done this before so just looking to see do people pay the compliance charges?

maxer68 · 21-05-2011 4:49pm

All businesses should be pci compliant - its basically how you store card information / card receipts.

stcstc · 21-05-2011 5:38pm

ok

but i was told the charges on the quote people dont pay

TheCostumeShop.ie: Ronan · 21-05-2011 9:10pm

What are the charges for exactly, if you turnover over 5 million you need to get an audit which is expensive. If your taking online payments you need to complete a SAQ (here: https://www.pcisecuritystandards.org/merchants/self_assessment_form.php) and would need to have remote testing from the likes of hacker guardian to check your systems for weaknesses.

In my experience Irish merchant banks are horrifically undereducated about the requirements and I do know one merchant bank is pulling a move to insist their online traders dump their existing suppliers of PCIDSS compliance certs in favour of their preferred supplier - who I image are giving them a kick back for their insistence. Very anti-competitive move and back in the day I would have fought with them over it, but frankly it's not worth the hassle.

stcstc · 21-05-2011 10:03pm

there is a 1 off charge of around 100 euros

and a yearly charge of approx 50

and if not compliant there's a monthly charge or 13.50

and yes this merchant is saying its from their supplier

amen · 22-05-2011 5:42pm

and if not compliant there's a monthly charge or 13.50

how can you not be PCI compliant and accept credit cards and what exactly is the 13.50 charge for ?

stcstc · 22-05-2011 6:54pm

my little knowledge of it, its if you cant prove your compliant

TheCostumeShop.ie: Ronan · 22-05-2011 11:19pm

amen wrote: »

how can you not be PCI compliant and accept credit cards and what exactly is the 13.50 charge for ?

You'd be surprised how often it happens. I reckon the logic behind the charges are for PCIDSS scans and certs, if you get a fail mark then obviously you want to fix it and run the scans again so it's more work for them.

J_Wholesale · 23-05-2011 8:29am

Most eCommerce sites simply fill out the DIY online form mentioned above, which pretty much makes the entire thing worthless and nothing more than paperwork that you pay to do yourself.

Reminds me of the equally ludicrous ISO compliance procedures, which for most companies never get beyond a designated person putting the paperwork together.

mneylon · 23-05-2011 8:57am

J_Wholesale wrote: »

Most eCommerce sites simply fill out the DIY online form mentioned above, which pretty much makes the entire thing worthless and nothing more than paperwork that you pay to do yourself.

The level of compliance is directly linked to the volume and value of online sales at the moment.

I wouldn't see it as "worthless", though I wish the Irish banks were more uniform in their handling of PCI etc.,

TheCostumeShop.ie: Ronan · 23-05-2011 1:15pm

I'd second that, It's not worthless at all. I've seen some horrific things online from Irish businesses, for example one website that had an invalid SSL cert and was taking people's card details (& ccv2 etc) via a email contact us form. PCI is the basic minimum people should be expecting to adhere to.

Remember everyone who has a bad experience purchasing online or if their card details stolen has a knock on effect - they are less likely to buy online in future.

mneylon · 23-05-2011 1:23pm

TheCostumeShop.ie: Ronan wrote: »

I'd second that, It's not worthless at all. I've seen some horrific things online from Irish businesses, for example one website that had an invalid SSL cert and was taking people's card details (& ccv2 etc) via a email contact us form. PCI is the basic minimum people should be expecting to adhere to.

Remember everyone who has a bad experience purchasing online or if their card details stolen has a knock on effect - they are less likely to buy online in future.

Which is my belief as well - I'd expand it further.
Anytime anyone has a negative experience online (regardless of whether they're actually buying or not) has a knockon impact on everyone else who works in the online industry

stcstc · 23-05-2011 4:42pm

sorry one thing i didnt mention, this isnt for online

its for card machine in the office with both customers there and not there

AndyJB · 24-05-2011 9:43am

stcstc wrote: »

sorry one thing i didnt mention, this isnt for online

its for card machine in the office with both customers there and not there

Morning,
As its a terminal unit via the bank there shouldn't be any PCI issues, should there? Only potential issue is with "not there" customers.

Have you shopped around with other banks?

AJB

pci compliance charges from merchant services

Comments