Announcement

Collapse
No announcement yet.

PCI compliance and card processing advice

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    PCI compliance and card processing advice

    I'm in dire straits here, tired of my card processor and their money for nothing attitude. I'm in need of card processing with a better PCI compliance setup. Currently scanned by TransArmor (Clover) and paying the fees they charge for making me deal with the same false positives over and over. I there anything with built in PCI compliance and no questionnaire? I'm not ready for Miva Pay but would probably want to implement that in the future. What is currently working best for you folks?

    Thanks
    Louie

    #2
    Miva Pay isn't a CC processor anyway -- at least not right now. So, that isn't an option based on your description.

    If you're looking to dump your current processor and the scanner, then you likely need to switch to something like Paypal which takes your payments off the store. Personally, I had a Square account already so I installed the Square payment processor since it's a Miva built payment module. I don't anticipate PCI compliance issues.

    That doesn't mean you wouldn't have any of course. The issues may be in what those false positives are? They may not be false but are actually indicating symptoms of other issues. Maybe you can list what those false positives are?

    FWIW,

    Scott
    Need to offer Shipping Insurance?
    Interactive Design Solutions https://www.myids.net
    MivaMerchant Business Partner | Certified MivaMerchant Web Developer
    Competitive Rates, Custom Modules and Integrations, Store Integration
    AutoBaskets|Advanced Waitlist Integration|Ask about Shipping Insurance Integration
    My T-shirt Collection is mostly MivaCon T-shirts!!

    Comment


      #3
      Thanks, Scott.
      Actually, I'm not too knowledgeable about these things, but I thought that MivaPay would be a PCI compliance solution and just wanted to start with a card processor that would be compatible.

      As far as the false positives they just make me dispute and resubmit a mitigation and migration plan almost every month for the same thing. Not a big deal but an inconvenience for certain.

      What does Square require for PCI compliance?

      Thanks
      Louie

      Comment


        #4
        Hav you created a support ticket with Miva?

        Square's rates are a little higher, not unlike Paypal. I don't actually know what their PCI compliance policies are. However, I assume they charge a higher rate which covers some risk. Reviewing their policies is my suggestion.

        There are many people here on the forum that could make some great suggestions about fixing that false positive potentially eliminating it. We'd need to know what it is.

        Scott
        Need to offer Shipping Insurance?
        Interactive Design Solutions https://www.myids.net
        MivaMerchant Business Partner | Certified MivaMerchant Web Developer
        Competitive Rates, Custom Modules and Integrations, Store Integration
        AutoBaskets|Advanced Waitlist Integration|Ask about Shipping Insurance Integration
        My T-shirt Collection is mostly MivaCon T-shirts!!

        Comment


          #5
          MivaPay would also solve the issue, but Square and Braintree are both iFrame Hosted gateways and won't require your site to be scanned. Braintree can be more competitive on rates but has a monthly fee, Square is pretty standard on fees but considering there's no monthly fee it can also be competitive depending on your volume.
          Thanks,

          Rick Wilson
          CEO
          Miva, Inc.
          [email protected]
          https://www.miva.com

          Comment


            #6
            Just had a client switch to FatMerchant (processor)...15 minutes saved him hundreds of dollars :) You'll still need a gateway (AuthorizeNet is what they are using and should get you under the PCI compliance radar).
            Bruce Golub
            Phosphor Media - "Your Success is our Business"

            Improve Your Customer Service | Get MORE Customers | Edit CSS/Javascript/HTML Easily | Make Your Site Faster | Get Indexed by Google | Free Modules | Follow Us on Facebook
            phosphormedia.com

            Comment


              #7
              Auth.net doesn't use an iFrame so the Merchant Processor still might force a scan and and a SAQ-D. Obviously compliance is widely variant in the industry as is enforcement, but essentially if you want to not be scanned and only fill out the 10 question SAQ-A, then you'd need to be using Braintree, Square or MivaPay as it stands today.
              Thanks,

              Rick Wilson
              CEO
              Miva, Inc.
              [email protected]
              https://www.miva.com

              Comment


                #8
                Rick, question. Since MivaPay isn't a processor, how does it work as you described? If Louie keeps the same processor but adds MivaPay, does it work as a layer or wall in between? I am not sure how I would describe the benefit to anyone.

                Thanks, Scott
                Need to offer Shipping Insurance?
                Interactive Design Solutions https://www.myids.net
                MivaMerchant Business Partner | Certified MivaMerchant Web Developer
                Competitive Rates, Custom Modules and Integrations, Store Integration
                AutoBaskets|Advanced Waitlist Integration|Ask about Shipping Insurance Integration
                My T-shirt Collection is mostly MivaCon T-shirts!!

                Comment


                  #9
                  Yes, miva pay is a layer in between your processor and a client. And miva pay is an iframe based service.
                  And it works. Using it for about a year now.

                  Comment


                    #10
                    Scott,

                    MivaPay is an iFramed Middleware that sites between your normal direct connection gateway (as long as it's one of the native ones to Miva Merchant) and your Miva store. Allowing you to keep your gateway and merchant processor of choice while having the reduced PCI Burden.
                    Thanks,

                    Rick Wilson
                    CEO
                    Miva, Inc.
                    [email protected]
                    https://www.miva.com

                    Comment


                      #11
                      OK, I think this helps me explain to clients.

                      Would this be a valid pitch? When a client is with Auth.net, and CC Merchant requires scanning of the site at the client's costs, if they subscribed to MivaPay, the client could request the scan to be stopped because it's unnecessary?

                      Thanks,

                      Scott
                      Need to offer Shipping Insurance?
                      Interactive Design Solutions https://www.myids.net
                      MivaMerchant Business Partner | Certified MivaMerchant Web Developer
                      Competitive Rates, Custom Modules and Integrations, Store Integration
                      AutoBaskets|Advanced Waitlist Integration|Ask about Shipping Insurance Integration
                      My T-shirt Collection is mostly MivaCon T-shirts!!

                      Comment


                        #12
                        Scott,

                        That's exactly right you should just be able to provide our Attestation of Compliance and that should be enough. Some merchant account companies are very underhanded though and that might not work, If it doesn't, I strongly suggest a new merchant company (not new gateway) as they're likely being screwed in other ways too.
                        Thanks,

                        Rick Wilson
                        CEO
                        Miva, Inc.
                        [email protected]
                        https://www.miva.com

                        Comment


                          #13
                          Great. Thanks Rick.

                          See ya tomorrow.
                          Need to offer Shipping Insurance?
                          Interactive Design Solutions https://www.myids.net
                          MivaMerchant Business Partner | Certified MivaMerchant Web Developer
                          Competitive Rates, Custom Modules and Integrations, Store Integration
                          AutoBaskets|Advanced Waitlist Integration|Ask about Shipping Insurance Integration
                          My T-shirt Collection is mostly MivaCon T-shirts!!

                          Comment


                            #14
                            Does miva merchant support the authorize.net inline javascript method? Authorize offers that now and it reduce PCI compliance burden on retailers.

                            Comment


                              #15
                              Not at this time, possibly later this year.
                              Thanks,

                              Rick Wilson
                              CEO
                              Miva, Inc.
                              [email protected]
                              https://www.miva.com

                              Comment

                              Working...
                              X