Power Sellers Unite

robinsroosttreasures · Joined: 28 Sep 2006 Posts: 41

I received a letter from Elavon that indicates that, as a merchant that uses a software application for payment processing, I must sign up for TrustKeeper with a fee of $135 annually, with documentation to validate current PCI DSS compliance status. Others at the mall where my main store is have also received this letter, and on calling, find that because the mall serves as a third party, it is not in compliance.
I was wondering if anyone else has received one of these letters, and how they worked it out. My merchant account is with Intellipay/Authorize.net .

knappschiles · Joined: 25 May 2005 Posts: 4035 Location: Wi

I haven't gotten any of those letters, but I did hear about them, or something like it last year.

As best I can remember, as long as you (your site or server) doesn't collect the credit card info, you don't have anything to worry about.

I'm not sure what you mean by the "mall acts as a 2rd party". Is the mall doing the credit card processing ?? If it is, then IT should need to have the TrustKeeper thingy.

If the mall is only acting as a "cart" that collects the item info but then re-directs to some place like Google Checkout for the card processing, I don't think they need anything either.

I can't swear my info is totally correct, but I'm selling at a web site, Blujay and eCrater and take credit cards thru Google or PayPal and NONE of the sites have required ME to have any "compliance".

Why don't you contact Intellipay and see what they have to say ?? I wouldn't sign up with anything demanding money until I know more about that whole thing.

JMO,
Carol

robinsroosttreasures · Joined: 28 Sep 2006 Posts: 41

The mall, TIAS.com, sends me the credit card information, and then I go to Authorize net and enter the information.
I also have Paypal as a choice, but not everyone wants to use Paypal.
Occasionally customers pay with check or money order, but not often.
There has never been a problem before, but suddenly, it seems, folks are going to have to use Paypal or not buy.
This Elavon letter is going to people who have merchant accounts, which they access online.

ovrdubil · Joined: 06 Aug 2006 Posts: 70 Location: Richmond, Kentucky

Contact whomever you have your Merchant Account thru. Mine is AUTHORIZE.net, and I have not received anything like that. Unless I receive it from my Merchant Server or from a legal source I would disregard it. But DO look into it... check it out as best you can.

robinsroosttreasures wrote (View Post): › docWrite("quote")I received a letter from Elavon that indicates that, as a merchant that uses a software application for payment processing, I must sign up for TrustKeeper with a fee of $135 annually, with documentation to validate current PCI DSS compliance status. Others at the mall where my main store is have also received this letter, and on calling, find that because the mall serves as a third party, it is not in compliance.
I was wondering if anyone else has received one of these letters, and how they worked it out. My merchant account is with Intellipay/Authorize.net .

tessa · Joined: 12 Aug 2006 Posts: 145

Never heard of Elavon but VISA & MC does have a security compliance project going on. It's been in the works for years. I know about it from my RL job experiences... I don't collect CC data on my site or any of my sites I sell from so we are not affected (this is one reason why). Definetely check with your merchant account provider to make sure they are compliant though, as there are astronomical fines involved for non-compliance and security breaches especially on the VISA logo side.

robinsroosttreasures · Joined: 28 Sep 2006 Posts: 41

Elavon is what used to be called Nova.
I will call Authorize.net as soon as possible to see what they say.
I hope it will all work out.
I thought there would be more people here who take credit cards (Visa/MC/AmEx) and would be affected.

CanadianContent · Joined: 15 Jun 2008 Posts: 158

We are with Elavon (Canada). I haven't received any notification about this.

knappschiles · Joined: 25 May 2005 Posts: 4035 Location: Wi

The mall, TIAS.com, sends me the credit card information, and then I go to Authorize net and enter the information.

I think that is the key -- you see the CC info.

Talk with Authorize.net about how you can set-up a site without actually hancling the CC info. It's possible that the whole process won't be possible thru TIAS. Maybe thru something like the 3rd party checkouts used by eBay. I just don't know about that site.

Most sites with a "cart" system have the "checkout" part isolated from us, therefore we don't even see any of the CC info at all. That's why no need for the security verification stuff. At least that's the way it is for my sites.

I really don't know how TIAS works, but if they allow it, a simple solution for you might be to set up a "cart" thru "Mals cart" http://www.mals-e.com/
You would have your merchant account set-up in Mals and would put a "buy" button in your listings. When someone buys, the sale is processed thru the cart FIRST before you see it. You then get a notice from them of the sale all done and paid for. You never see the CC info.

If that's not an option at TIAS, then maybe TIAS will have to change how they handle orders. As it looks now, TrustKeeper would be an expensive fix for all their members. Not exactly what most looking for eBay alts had in mind.

Carol

robinsroosttreasures · Joined: 28 Sep 2006 Posts: 41

Thanks, Carol, for the link to Mal’s. I went to their forum, and found that folks there are having similar problems, even in the UK. One writer, answering the UK question included the following:

“My credit provider is threatening with a monthly fee if I don't show compliance, either through the self certification that I mentioned, or proof that I am paying another company significant fees to assure that compliance.”

Another person said:
“For anyone interested in the PCI card compliance rules and regulations, here is the official web site https://www.pcisecuritystandards.org/ Here you can decide which category of merchant you are and complete an appropriate self assessment form. It seems nobody can escape this, even if you use a humble paper impression machine. Best of luck”

The person from UK concluded the conversation with:
“Maybe using a pigeon with a cash canister strapped to its leg would be safer? “

By the way, Carol, I remember you from the Great Cow site. I lost $50 when they closed down, and didn’t deposit the money from sales I had made there.

knappschiles · Joined: 25 May 2005 Posts: 4035 Location: Wi

UH, sorry you lost on that deal. I never got into Great Cow enough to have anything to lose there.

I haven't been to Mal's site recently so I didn't know some of them were also having problems. Tho I don't understand why as I don't think Mal's shows OR stores CC info.

If Visa/MC don't figure out something better for small fry like most of us are, they will lose a lot of "merchant accounts" back to Google Checkout and PayPal.

Personally I don't do enough business except for a couple of months to pay for a merchant account. So I mostly use Google and a little bit PP. That way I never see any sensitive info.

Carol