PCI compliance

sable filbert
Posts: 48
Joined: Wed 08 Oct, 2014 7:33 am
Location: Eastbourne environs
Organisation: framing
Interests: London, boats, bikes, ghosts

PCI compliance

Post by sable filbert »

I used to use a mobile card terminal, which worked very well (Vodafone chip), but haven't used one for nearly 5 years (stopped trading).
Looking at the options available again, the PCI implications for taking payments seem exhaustive at the very least!
https://www.pcisecuritystandards.org/me ... /index.php

What systems do you use when accepting payments, may I ask?
markw

Re: PCI compliance

Post by markw »

I use a card terminal and have to do a PCI compliance yearly. The first one is a bit of a chore but the annual ones seem to be just checking over what you ticked before and making sure you haven't wandered into new selling territory. It's basically making sure you are aware of the security implications involved with having the ability to take money out of your customers' cc account - as well as training and monitoring any staff that do so as well.
Framie
Posts: 252
Joined: Sat 12 Mar, 2011 4:22 pm
Location: United Kingdom
Organisation: Anything Framed
Interests: Custom Framing, Hand Finishes and Multi Aperture Mounts.
Location: Peterborough

Re: PCI compliance

Post by Framie »

Sadly a PCI compliance is a pain in the ass, confusing and expensive. :head: :head: :head:

Better, if it's not used that often, are the PayPal Here or other mobile payment devices with a phone app. :D
Anything Framed
Otters Pool Studio
Posts: 122
Joined: Thu 15 Mar, 2007 10:11 am
Location: Guildford
Organisation: Otters Pool Studio
Interests: Hobbies?
Location: Guildford, Surrey, UK

Re: PCI compliance

Post by Otters Pool Studio »

If your merchant provider offers a third party security consultant service, they are worth looking at. Barclaycard use SecurityMetrics, which costs £11.99 per year but makes the process much easier.
Jon.
Otters Pool Studio

Re: PCI compliance

Post by sable filbert »

Otters Pool Studio wrote: If your merchant provider offers a third party security consultant service, they are worth looking at. Barclaycard use SecurityMetrics, which costs £11.99 per year but makes the process much easier.
Thanks, will look into this later.

My understanding is that EVERY device for accepting card payments is subject to PCI.
Steve N
Posts: 2992
Joined: Sat 21 Jul, 2007 2:32 pm
Location: Somewhere Staple Hill Bristol
Organisation: Frontier Picture Frames ltd
Interests: Walking our retired Greyhound,art, falling asleep on sofa in front of the telly
Location: Now in Bristol

Re: PCI compliance

Post by Steve N »

Even if you only have a terminal in your shop, and you have paper receipts from the terminal, you have to be PCI compliant, unless you shred the receipts straight away. If you store them for your accountancy period, that needs to be compliant.
PCI compliance fees are small compared to the fines you get if some scallywag breaks in and nicks the receipts with all the card details on.
Steve CEO GCF (020)
Believed in Time Travel since 2035

Proud to sell Ready Made Frames
http://www.frontierpictureframes.com
http://www.designerpicturemounts.com/
pramsay13
Posts: 1374
Joined: Tue 27 Sep, 2011 11:46 am
Location: Stonehouse, Lanarkshire
Organisation: Picture Framer (ML)
Interests: picture framing (no, really!) sport, music

Re: PCI compliance

Post by pramsay13 »

I have an iZettle terminal (there is another thread detailing my reasons for getting this one).
I don't have to be PCI compliant as I am not taking or storing any details.
They enter their card into the reader and enter their PIN, and all information is sent to iZettle using their PCI compliant encryption and servers etc.
It doesn't give paper receipts; I can enter someone's email address so they get sent a receipt, but I've noticed that if I go in at a later date to look at transactions it doesn't give me the full email address, just a few letters and the rest is starred.

Re: PCI compliance

Post by sable filbert »

pramsay13 wrote: I have an iZettle terminal (there is another thread detailing my reasons for getting this one).
I don't have to be PCI compliant as I am not taking or storing any details.
They enter their card into the reader and enter their PIN, and all information is sent to iZettle using their PCI compliant encryption and servers etc.
It doesn't give paper receipts; I can enter someone's email address so they get sent a receipt, but I've noticed that if I go in at a later date to look at transactions it doesn't give me the full email address, just a few letters and the rest is starred.
Interesting, not heard of them before.
They don't say the User (You) has to think about PCI, because they have and do!
If so, it's good.

Re: PCI compliance

Post by pramsay13 »

I hadn't heard of them either, but the feedback was good externally as well as on this forum.
I have been using it for about a month now and it is great. I only use it about once or twice a week, so perfect for me.
If you sign up now you get a free card-reader lite.
I can't use it to take payments over the phone, even though there is a manual entry function, and I think that is to steer clear of PCI issues with writing down or storing card numbers.

Re: PCI compliance

Post by sable filbert »

Thanks, Pramsay.

A cute answerphone message, but they are closed for the day already! :shock: :)
(4.55pm)
Ah well, do it online then...
BlueSkyArt
Posts: 58
Joined: Tue 08 Jan, 2013 4:25 pm
Location: Dorset
Organisation: Blue Sky Framing Ltd.
Interests: Running, travelling, running, furniture making, running.

Re: PCI compliance

Post by BlueSkyArt »

I've been using iZettle since September and it's great. Way better than the card service I had before. I would definitely recommend it. I really like the accounts software on their website, which allows you to see exactly how much you have been paid, what it was for and how much your fee will be at the end of the month. Looks snazzy too, and customers always comment on how 'modern' it all is running it from an iPad.
Matt
misterdiy
Posts: 885
Joined: Sun 13 Jun, 2010 9:15 pm
Location: Isle of Wight
Organisation: Decormount
Interests: Picture framing, mount-cutting, photoshop et al
Location: Isle of Wight

Re: PCI compliance

Post by misterdiy »

We have a card machine and also an internet account, so two accounts. Both have to be PCI compliant even though on the internet account it is a gateway and I see none of the card details. If you miss the deadline for compliance (as I did) it works out at £9.99 + VAT per month per account. It is definitely worth getting it sorted. I feel that most of this should be done by the card machine issuers but it's passing the buck all the time.

We have decided to continue with iZettle instead of the card machine and this is working out more cost effective, but I often have great problems getting a connection at the customer's house and normally have to resort to using his broadband.