PCI compliance
Posted: Wed 22 Apr, 2015 8:08 am
by sable filbert
I used to use a mobile card terminal, which worked very well (Vodafone chip), but haven't used one for nearly 5 years (stopped trading).
Looking at the options available again, the PCI implications for taking payments seem exhaustive at the very least!
https://www.pcisecuritystandards.org/me ... /index.php
What systems do you use when accepting payments, may I ask?
Re: PCI compliance
Posted: Wed 22 Apr, 2015 8:29 am
by markw
I use a card terminal and have to do a PCI compliance yearly. The first one is a bit of a chore but the annual ones seem to be just checking over what you ticked before and making sure you haven't wandered into new selling territory. It's basically making sure you are aware of the security implications involved with having the ability to take money out of your customers' cc account - as well as training and monitoring any staff that do so as well.
Re: PCI compliance
Posted: Wed 22 Apr, 2015 8:31 am
by Framie
Re: PCI compliance
Posted: Wed 22 Apr, 2015 8:38 am
by Otters Pool Studio
If your merchant provider offers a third party security consultant service, they are worth looking at. Barclaycard use SecurityMetrics which cost £11.99 per year, but makes the process much easier.
Re: PCI compliance
Posted: Wed 22 Apr, 2015 9:35 am
by sable filbert
Otters Pool Studio wrote: If your merchant provider offers a third party security consultant service, they are worth looking at. Barclaycard use SecurityMetrics which cost £11.99 per year, but makes the process much easier.
Thanks, will look into this later.
My understanding is that EVERY device for accepting card payments, is subject to PCI.
Re: PCI compliance
Posted: Wed 22 Apr, 2015 12:32 pm
by Steve N
Even if you only have a terminal in your shop, and you have paper receipts from the terminal, you have to be PCI compliant, unless you shred the receipts straight away. If you store them for your accountancy period, that needs to be compliant.
PCI Compliance fees are small compared to the fines you get if some scallywag breaks in and nicks the receipts with all the card details on.
Re: PCI compliance
Posted: Wed 22 Apr, 2015 12:54 pm
by pramsay13
I have an izettle terminal (there is another thread detailing my reasons for getting this one).
I don't have to be PCI compliant as I am not taking or storing any details.
They enter their card into the reader, and enter pin and all information is sent to izettle using their PCI compliant encryption and servers etc.
It doesn't give paper receipts, I can enter someone's email address so they get sent a receipt, but I've noticed that if I go in at a later date to look at transactions it doesn't give me the full email address, just a few letters and the rest is starred.
Re: PCI compliance
Posted: Wed 22 Apr, 2015 1:30 pm
by sable filbert
pramsay13 wrote: I have an izettle terminal (there is another thread detailing my reasons for getting this one).
I don't have to be PCI compliant as I am not taking or storing any details.
They enter their card into the reader, and enter pin and all information is sent to izettle using their PCI compliant encryption and servers etc.
It doesn't give paper receipts, I can enter someone's email address so they get sent a receipt, but I've noticed that if I go in at a later date to look at transactions it doesn't give me the full email address, just a few letters and the rest is starred.
Interesting, not heard of them before.
They don't say the User (You) has to think about PCI, because they have and do!
If so, it's good.
Re: PCI compliance
Posted: Wed 22 Apr, 2015 2:07 pm
by pramsay13
I hadn't heard of them either, but the feedback was good externally as well as on this forum.
I have been using it for about a month now and it is great. I only use it about once or twice a week, so perfect for me.
If you sign up now you get a free card-reader lite.
I can't use it to take payments over the phone, even though there is a manual entry function, and I think that is to steer clear of PCI issues with writing down or storing card numbers.
Re: PCI compliance
Posted: Wed 22 Apr, 2015 4:00 pm
by sable filbert
Thanks Pramsey.
A cute answerphone message, but they are closed for the day already!
(4.55pm)
ah well, do it online then...
Re: PCI compliance
Posted: Wed 22 Apr, 2015 9:08 pm
by BlueSkyArt
I've been using iZettle since September and it's great. Way better than the card service I had before. I would definitely recommend it. I really like the accounts software on their website which allows you to see exactly how much you have been paid, what it was for and how much your fee will be at the end of the month. Looks snazzy too and customers always comment on how 'modern' it all is running it from an iPad.
Re: PCI compliance
Posted: Thu 23 Apr, 2015 6:54 pm
by misterdiy
We have a card machine and also an internet account, so two accounts. Both have to be PCI compliant even though on the internet account it is a gateway and I see none of the card details. If you miss the deadline for compliance (as I did) it works out at £9.99 + VAT per month per account. It is definitely worth getting it sorted. I feel that most of this should be done by the card machine issuers but it's passing the buck all the time.
We have decided to continue with iZettle instead of the card machine and this is working out more cost effective, but I often have great problems getting a connection at the customer's house and normally have to resort to using his broadband.