Hello,

I'm working on putting together an all encompassing list of payment gateways and processors.

http://www.onlineventure.net/gateways.php

However, I'm having trouble verifying that some of these gateways are compliant with Visa's Cardholder Information Security Program (CISP) and the Payment Card Industry (PCI) Data Security Standard (DSS). They are not listed on Visa's website as being compliant. I've tried to locate these gateway's/processors under different names based on who owns the company, but I've had no luck. So, are these gateways/processors not compliant with industry security standards? I can't imagine that Visa/MC would continue to allow them to operate if they were not.

Here is the list of providers that I can not verify compliance for. I've only got up to the i's so far, so there may be more.

2checkout.com
BluePay.com
ecx.com
eway.com.au EWAY (Electronic Funds Transfer Way)
eznetcash.com (EZNP)
fasttransactonline.com

thoughts/answers?

Actually, the sites you have mentioned aren't gateways. They're third party processors. Big difference.

Last time I checked Netbilling was also not on the list as a payment gateway. The best is to email the company, ask them what date they were verified and by what company

Actually, the sites you have mentioned aren't gateways. They're third party processors. Big difference.

As far as CISP/PCI is concerned, there is no difference. They store, process, and/or transmit cardholder information. They need to be listed as a compliant service provider.

As an example, the following Processors (not gateways) are on the same list as the compliant gateways.

TSYS/Vital (http://www.vitalps.com), NOVA (http://www.novainfo.com), Chase Paymentech, (http://www.paymentech.com) Global Payments (http://www.globalpaymentsinc.com), First Data (http://www.firstdata.com/).

First Data is actually a transaction processor for a lot of the electronic payment gateways like LinkPoint, Verisign's Payflow, and Authorizenet.com.

2CO is similar to a third party processor. They resell your products and services on their secure website. I would imagine that they would have to be Level One compliant.

Bluepay I think uses Authorizenet.com as the gateway - I think it is similar to LinkPoint and Yourpay. Chase / Paymentech resold the LinkPoint gateway as YourPay because First Data fully owned Cardservice and took control and re-built the gateway. Hopefully by next quarter once they get their redundant datacenter up and running - they will decide on which name to keep.

Hello,


Here is the list of providers that I can not verify compliance for. I've only got up to the i's so far, so there may be more.

2checkout.com
BluePay.com
ecx.com
eway.com.au EWAY (Electronic Funds Transfer Way)
eznetcash.com (EZNP)
fasttransactonline.com

thoughts/answers?


The reason some aren't listed is because they are private label front ends of other gateways/networks or act as a shopping cart not a gateway.

There's only a few actual gateways and many you see are private labels or the gateway leases the actual backend from a certified gateway.

I know first hand that Visa won't list a private label gateway if it's already listed
under another gateway even though some are on their list.

For example:

BluePay.com = Nobel
ecx.com = Merchant Partners
Epoch = Paycom

http://www.safemerchant.com is a CISP/PCI compliant gateway listed w/ Visa that you might check out. I actually worked with them until earlier this month.

If they are listed in one of these, then they are compliant:
http://usa.visa.com/download/business/accepting_visa/ops_risk_management/cisp_List_of_CISP_Compliant_Service_Providers.pdf?it=il|/business/accepting_visa/ops_risk_management/cisp_tools_faq.html|List%20of%20%0A%0ACISP-Compliant%20Service%20Providers