Announcement

Collapse
No announcement yet.

Moneris PCI Compliance

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    Moneris PCI Compliance

    Ok, here's what I wanna do. I want to use Moneris Solutions eSelectPlus module to accept credit & debit cards online. I would prefer not to use Moneris' hosted checkout page, and rather have my customers do everything securely on my website. As I understand it, I need a module by Sebenza to act as an intermediary between MM5 & Moneris.

    Moneris is asking this;
    1. Will the end-users entering their credit card info into the Moneris payment gateway, Merchant hosted gateway or gateway of the shopping chart company?
    2. Is shopping chart company certified with PCI? Please the company to fill the attached form. Thanks

    If credit card info is entered into Merchant hosted gateway, you are required to have PCI certification.
    Sebenza is saying this;
    The customer enters their credit card information on the final page of the miva checkout. This information is transmitted to Moneris's gateway via their secure API.
    So based on what I'm trying to accomplish, what do I need, and what do I tell Moneris?

    BTW, we're currently using PayPal to accept CC's online.

    Any help is greatly appreciated.

    Thanks.

    P.S. Sorry the terminolgy is confusing to me, so replies in Layman`s terms would be great.
    Last edited by Gracefully Erotic; 11-19-08, 05:34 PM.
    JIM - GRACEFULLY EROTIC
    deliciouslyTEMPTING
    http://www.gracefullyerotic.com/sfnt.html
    Tags: None
    #2
    Re: Moneris PCI Compliance

    Anyone?
    JIM - GRACEFULLY EROTIC
    deliciouslyTEMPTING
    http://www.gracefullyerotic.com/sfnt.html

    Comment

      #3
      Re: Moneris PCI Compliance

      I'm not clear on what you're asking. Are you asking if you'll be PCI Compliant using MM5 and Moneris?
      Thanks,

      Rick Wilson
      CEO
      Miva, Inc.
      [email protected]
      https://www.miva.com

      Comment

        #4
        Re: Moneris PCI Compliance

        Originally posted by Rick Wilson View Post
        I'm not clear on what you're asking. Are you asking if you'll be PCI Compliant using MM5 and Moneris?
        I guess part of the trouble is, I'm not even sure what I'm asking.

        Apparently I have two choices with Moneris using their e-SelectPlus product enabling me to accept credit cards on my website. I can either use their hosted payment page (which is probably what I'm going to do in the interim), or I can have customers complete the entire payment process on my website, which is the desired route.

        To accomplish this, as I understand it, I need a module by Sebenza which does capture and preauth, to be installed between MM5 and Moneris, although I'm not sure why this module is required. If I go this route, Moneris requires that MM5 I guess, is PCI certified;

        1. Will the end-users be entering their credit card info into the Moneris payment gateway, Merchant hosted gateway or gateway of the shopping chart company?
        2. Is shopping chart company certified with PCI? Please the company to fill the attached form. Thanks

        If credit card info is entered into Merchant hosted gateway, you are required to have PCI certification.
        I think what's throwing me off is the gateway thing. I assume the answer to question #1 above would be Moneris Payment Gateway, since I'm using Moneris, which leaves the question of whether or not MM is PCI certified, and if not, how to I go about getting PCI certified?
        Last edited by Gracefully Erotic; 11-20-08, 03:00 PM.
        JIM - GRACEFULLY EROTIC
        deliciouslyTEMPTING
        http://www.gracefullyerotic.com/sfnt.html

        Comment

          #5
          Re: Moneris PCI Compliance

          If they require that your site be PCI Compliant, as most merchant account providers and payment gateways do already, then you need to talk to your host to see if they offer PCI compliance scanning service in partnership with one of the several companies that offer this option.

          Comment

            #6
            Re: Moneris PCI Compliance

            PCI Certification is a bit of a misnomer. There is something called PA-DSS (formerly PA-BP) which is a "Payment Application - Data Security Standard" and it costs a company like us approximately $30k per payment process that we'd like to certify for the right to say we pass.

            This however is different than PCI Compliance which is actually filling out a questionnaire and following security standards. Here's a simple example, if you're on a properly setup host and you're using our IMS Payment Gateway with Encryption turned on, then you can get your site scanned to pass PCI Compliance (as Remik mentioned).

            If you're on the same good host and use Simple Validation without Encryption then you're not following PCI's rules.

            And if you're on an unsafe host, then all bets are off.

            The bigger question is why are you using Moneris?
            Thanks,

            Rick Wilson
            CEO
            Miva, Inc.
            [email protected]
            https://www.miva.com

            Comment

              #7
              Re: Moneris PCI Compliance

              The bigger question is why are you using Moneris?
              The simplest answer is I'm in Canada, and there aren't many options.

              Two years ago we were going to use PSiGate here in Canada. When I contacted them originally about using them as our gateway, informing them that I was using MM5, they said yep, no problem, that they were compatible. Well, that turned out not to be the case. They were compatible with 4, but not 5. We had many back and forth discussions between PSiGate, Miva, my designer and myself, over probably a couple of months, trying to get things sorted out. Unfortunately it took about a year for PSiGate to become compatible with MM5. Also around that time I contacted Moneris and was told that they were not compatible with MM5 either, so I had no choice but to go with PayPal. As I mentioned gateway providers in Canada were far and few between at the time. Then I found out that Sebenza had a module that would act as an intermediary between MM5, and Moneris, which has brought me to this point.
              JIM - GRACEFULLY EROTIC
              deliciouslyTEMPTING
              http://www.gracefullyerotic.com/sfnt.html

              Comment

                #8
                Re: Moneris PCI Compliance

                The simplest answer is I'm in Canada, and there aren't many options.
                That's a legitimate answer.

                Our product has no problem passing PCI Compliance and you should check with your host to see if they've had any issues. And talk to Sebenza about their module, you shouldn't have any problems.
                Thanks,

                Rick Wilson
                CEO
                Miva, Inc.
                [email protected]
                https://www.miva.com

                Comment

                  #9
                  Re: Moneris PCI Compliance

                  The simplest answer is I'm in Canada, and there aren't many options.
                  To clarify, we did not decide to go with Moneris because, there are, or at least we perceive there to be few options with regards to Merchant Service Providers. In Canada at least, Moneris Solutions are one of the biggest, if not the biggest Merchant Services Provider in the country. So we're quite comfortable working with them.
                  JIM - GRACEFULLY EROTIC
                  deliciouslyTEMPTING
                  http://www.gracefullyerotic.com/sfnt.html

                  Comment

                  Previous template Next
                  Working...
                  X