
PCI compliance

As a small business owner, ensuring the protection of your revenue is an essential part of accepting credit cards.  The best way to safeguard these payments is to establish a merchant account with a merchant services provider that is PCI-compliant.  Outsourcing to a PCI-compliant service provider is one of the best ways business owners can help reduce their PCI obligations and risk of a data breach.  As a business owner, it is your responsibility to make sure you are partnering with the right service providers to remain in PCI compliance.  Unfortunately, approaching these third-party relationships is rarely taught, or even discussed.  This blog entry is to advise business owners on how to evaluate a merchant services provider and ensure they are reputable and will dutifully safeguard your customers’ credit card information.
 

PCI Compliance: Asking the Right Questions

 

Who qualifies as a merchant services provider?

 
First and foremost, it is important to know which entities store, process, or transmit cardholder data (CHD) on your behalf or have the potential of impacting the security of your customers’ card data.  Many small business owners are not aware of the players involved and, as a result, have no idea if these providers are taking the right steps to protect their customers’ private information and ultimately their business.  A merchant services provider is a business entity that is directly involved in the processing, storage, or transmission of cardholder data.  Some common examples of merchant services providers include:

  • Independent Sales Organizations (ISOs)
  • Transaction processors
  • Payment gateways
  • Hosting companies
  • Managed security services providers (MSSP)
  • Third party marketing firms
  • Vendors that perform POS maintenance

 

How do I choose a merchant services provider?

 
Business owners should have a set process for choosing a merchant services provider (for example, verify PCI compliance status, research the company’s track record for any breach events, review documented customer complaints, etc.). You can check on the compliance state of a service provider by accessing the Visa and MasterCard registry lists, or by contacting the service provider directly. If the service provider is not on a registry list and has opted to “self-assess” their compliance, it is important to ask the provider for proof of PCI compliance. If the service provider cannot provide formal documentation proving their compliance, it is recommended that you select a provider that has completed a Level 1, on-site audit conducted by a Qualified Security Assessor (QSA).  This is a necessary step in ensuring your merchant services provider is meeting the PCI compliance standards.
 

What questions should I ask potential service providers to validate their PCI-compliance status and procedures?

 

  • What is included in their incident response plans?
  • Have they experienced any data breaches?
  • How many years have they been in service?
  • Are there available client recommendations?
  • Do they run background checks on employees? (This is required for PCI Compliance.)
  • Are there any complaints found through the Better Business Bureau?

 

Once I identify my service providers, how should I proceed?

 
Next, you should maintain a list of your service providers and check their PCI status at least quarterly. Most importantly, ensure that there are written agreements in place acknowledging data security responsibility, even down to which PCI requirements they are handling. You should also ensure that the liabilities and responsibilities of the service provider in case of a breach are clearly stated and agreed to in writing.
 

What if I am an ecommerce merchant?

 
Ecommerce merchants that do not have in-house expertise or resources should consider fully outsourcing their payment-card processing operations to a PCI-compliant merchant services provider. By using a fully outsourced service provider, you are not storing, processing or transmitting cardholder data in electronic format on your systems. This option also greatly reduces your PCI DSS validation requirements.
 
 

Merchant Integration 101

Credit Card Processing can be a very intimidating, yet necessary evil in business.  We get that.  At Cut Merchant Fees, our job as a Merchant Services Provider is to inform our clients so they can make an educated decision about the way they accept payments from their customers.  With that being said, there are a lot of different terms and jargon thrown around the credit card payment industry.  One very important term that can be misunderstood is “Merchant Integration” (hence the title, “Merchant Integration 101”).  This term holds so much importance due to the benefits your company can realize from such a product.

Let’s dive in a bit further as we unpack this little merchant processing crash course.  The dictionary defines integration as “the act of combining or adding parts to make a unified whole”.  The idea is to improve efficiency with one process.  So how do we apply this term to your credit card receivables?

A Merchant Integration is an added feature for your billing software.  For example, let’s say your typical process involves a stand-alone (dial-up) terminal and then posting payments to QuickBooks.  Typically, you would punch the cardholder’s information into the terminal and then process the payment.  At the end of the day, you would then have a report of all of the transactions that you entered for that day to post to the corresponding open invoices in QuickBooks.  Sound familiar?  A Merchant Integration gives you the ability to eliminate the double-entry process and post a credit card payment right from within your QuickBooks platform.  This is the combination of two separate, yet related functions, to improve efficiency and save you money at the end of the day (because after all, time is money).

So where does one acquire one of these fancy-worded plug-ins of magical goodness?  There are only a handful of merchant services providers that offer these tools.  Usually, if your processor offers this benefit, you can ask your representative about the process, costs, and timelines to implement the plug-in.  Building something like this is time-consuming and costly, so merchant services companies don’t typically provide merchant integration add-ons for free.  Lucky for you, you landed on a company’s website that does.  :)

Not all integrated solutions are the same, and it is absolutely crucial to do your homework when making this decision.  Figure out which functions you find most important and make sure that the merchant provider’s integration meets all of the criteria you expect from a merchant integration.  A good way to assess which functions your company needs most is to think about which step of the payment posting process is most time-consuming for you.  Make a list and check off the functions that have been met as you do your research for each product.

Uncover all of the costs before you commit to any integrated solution.  Sometimes, these fees can be tricky.  Make certain that you completely understand all of your costs (immediate, monthly, annually, etc.), benefits, and savings before tying the knot with any processor.

Now get out there and start researching for the merchant integration that’s right for your business!