Results 1 to 16 of 16
  1. #1

    Merchant account

    Will the seller have access to the credit number numbers if the buyers order through the seller's merchant account? Thanks for Helping.
    <<Please see rules for signature setup>>

  2. #2
    Join Date
    Feb 2002
    Location
    New York
    Posts
    1,156
    There is such option but I highly recommend you not to have access to Credit Card numbers or keep them in your own database. It is also against Mercnaht Providers policy to give you access to CC info.

    Best Regards
    Dimitar
    DawHB.com - Web Hosting Blog | VPSHostDir.com - VPS Hosting Media

  3. #3
    It will depend on the Merchant and/or Gateway. Some merchants keep records of Credit Cards others don't. It will always depend on Merchants policy.

  4. #4
    Join Date
    Jul 2003
    Location
    Castle Pines, CO
    Posts
    7,189
    The seller is the merchant, right? You can store CC numbers but as mentioned - not advisable due to hacking, etc. But do not store the CCV numbers at all.

  5. #5
    Join Date
    Aug 2003
    Location
    Chesapeake, VA
    Posts
    3,379
    Some payment gateways will allow you to view or download the credit card data if necessary. And most PC software apps allow you to store that data.

    You'll want to review the CISP/PCI rules for the secure storage of credit card data and only store it if there is an absolute need to do so... keeping in mind that many gateways offer a "re-submit" function that lets you run a new order using a previously used credit card without having to see the full CC# details.
    CDGcommerce.com - Trusted Merchant Account Solutions since 1998
    Many thousands of successful, growing businesses benefit from our expertise every day. You can, too!
    We help merchants to eliminate gateway costs, reduce & mitigate fraud and achieve streamlined PCI compliance.
    Learn more today at http://www.cdgcommerce.com - we look forward to helping your business grow!

  6. #6
    A merchant would be waaaaay out of compliance if they provided more than the last four digits of an account number, be it credit card or an ACH account. CISP audits are strict and can result in heavy fines and/or loss of license with Vias, MasterCard, etc.

    On top of that, some data is 100% off-limits as far as storage goes. For instance, the CVV (those 3 digits on the back of your credit card on the signing strip that don't appear elsewhere on the card) cannot be stored *anywhere* at *any* time.

  7. #7
    Join Date
    Aug 2003
    Location
    Chesapeake, VA
    Posts
    3,379
    It really depends on the application. Per the CISP/PCI rules you can provide up to the first 6 digits and last 4 digits or even the entire card # on an "as needed" basis... there is leeway present depending on the scenario in question.

    However, if you will not be re-submitting or conducting recurring transactions, it is always good practice to only store the minimal amount of data needed to match up a credit card in the event of a dispute or inquiry.

    The best solution for any merchant processing transactions is to use a CISP-certified gateway or software package and to safeguard access to any systems that store or handle their credit card processing.

    If you are talking about actually becoming a payment gateway provider, then there is a whole new level of certification required far beyond that of a typical merchant - not to mention going through the Visa TPS sponsorship program with a bank who is willing to underwrite the corresponding liability that comes with that.
    CDGcommerce.com - Trusted Merchant Account Solutions since 1998
    Many thousands of successful, growing businesses benefit from our expertise every day. You can, too!
    We help merchants to eliminate gateway costs, reduce & mitigate fraud and achieve streamlined PCI compliance.
    Learn more today at http://www.cdgcommerce.com - we look forward to helping your business grow!

  8. #8
    3D Secure does not allow the merchant to use the CC number at all; it stipulate that only the cc owner must input the cc number and aother details (CVV2, 3D Secure password, etc).

    Thus, only a few merchants allow recurent payments in 3D Secure (I don;t know more details here...)

  9. #9
    Join Date
    Aug 2003
    Location
    Chesapeake, VA
    Posts
    3,379
    Well - you can do recurring payments and also use 3DSecure/Cardholder Authentication but - you won't be protected on the subsequent recurring ones.

    I.e. if someone does a first transaction which is cardholder authenticated for say, $25 and then gets put into a recurring billing cycle for $25/month thereafter and does 5 more subsequent billings... only the first one will be "protected", not the others.
    CDGcommerce.com - Trusted Merchant Account Solutions since 1998
    Many thousands of successful, growing businesses benefit from our expertise every day. You can, too!
    We help merchants to eliminate gateway costs, reduce & mitigate fraud and achieve streamlined PCI compliance.
    Learn more today at http://www.cdgcommerce.com - we look forward to helping your business grow!

  10. #10
    Join Date
    Jul 2003
    Location
    Castle Pines, CO
    Posts
    7,189
    CDG is of course correct about the VBV / MSC program. For this to take affect, it has to have the customer's interaction. And any recurring charges that do not have that, will not be protected. You could potentially use a billing service that would support customer interaction to be protected though

  11. #11
    Join Date
    Aug 2002
    Location
    Hong Kong
    Posts
    417
    is there a responsibility put on the merchant if some cc info is accidentally leak out?

    coz some ppl may thk of implementing their own billing system to support recurring billing which requires storing the cc info in their own db, is there a potential risk on it?

    thanks

  12. #12

    Responsible

    Originally posted by lwknet
    is there a responsibility put on the merchant if some cc info is accidentally leak out?

    coz some ppl may thk of implementing their own billing system to support recurring billing which requires storing the cc info in their own db, is there a potential risk on it?

    thanks
    If you as the merchant stores cc info and it leaks out and get misused, you/your company will be held fully responsible.

  13. #13
    Join Date
    Aug 2002
    Location
    Hong Kong
    Posts
    417

    Re: Responsible

    Originally posted by fun2fun
    If you as the merchant stores cc info and it leaks out and get misused, you/your company will be held fully responsible.
    thanks for that

    who pays for the lose of cardsystems fault? is it cardsystems itself?

    is it alreaady bankcrupt?


  14. #14
    If my website use 3D Secure but the tranzaction was not a 3D Secure tranzaction, who pays the chargeback (if it was a fraud tranzaction of course)?

    Have you met this kind of situations?

  15. #15
    Originally posted by webshield
    If my website use 3D Secure but the tranzaction was not a 3D Secure tranzaction, who pays the chargeback (if it was a fraud tranzaction of course)?

    Have you met this kind of situations?
    I think if your web site attempts authentication, you are covered. Is this correct anyone?

    IR

  16. #16
    Join Date
    Jul 2003
    Location
    Castle Pines, CO
    Posts
    7,189
    Originally posted by ISOrep
    I think if your web site attempts authentication, you are covered. Is this correct anyone?

    IR
    As far as I can remember yes. I have not studied that in a long time but that seems to be correct

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •