
Do you take credit cards? Have you heard about PCI compliance?

Steve Worcester

I recently got a notification from my merchant account that I have to be PCI compliant. Seems there is a federal mandate for this, Payment Cards Industry (PCI) Data Security Standard (PCI-DSS). (While this is a bit off-topic, it will affect your costs and the way you do business)
With (most of us) our sole-proprietor status, we don't work the same way the merchant companies want us to and if you are non-compliant, you will be assessed another monthly fee. So I took the survey (over 200 questions) and was found to be non-compliant. Sure, I could have just answered "Yes" to most questions, they weren't really applicable to the way most of us work with credit card transactions and with our computers.
With that, I find there is no one to talk to about this in the company that I took the survey with.

The fee for me will be $20 additional per month. Couple that with the increased fees of reward cards (unqualified cards) you could be looking at >6% for some credit card transactions plus the cost to run the transaction itself. This will affect pricing in the small business as we try to remain competitive and keep prices down to our customers.

Have you guys heard about this? What are you going to do?
This may seem like an off-topic rant, it is coming to all those artists and merchants that take credit and debit cards in all fashions regardless of how much business you do with credit cards and who your merchant service is.
 
I went through the same thing a month ago with my company. I filled out a short form then sent it in so the $12 fee should stop on the next bill... I have a wireless unit and keep no credit card numbers. Don't get caught by any web sites that offer to fill out the form for you... the one the card company sent was "only" $320 LoL

Reward cards have been a problem, rewards are paid by the merchant when the card is used not by the credit card company. The bad thing is you don't know what the rewards percentage is until you get the monthly bill. It's a problem that needs to be addressed.
 
We've had a dial-pay merchant account for over five years. This PCI compliance garbage is really just another rip off from the merchant's perspective, but it shouldn't cost you anything if you're not using anything but a manual swiper and dial-pay - no computers, no electronic devices, etc. The whole object of PCI compliance is about safeguarding electronic information so no one can get credit card data illegally. I've gone through the certification bit twice and never had to pay anything, since we're electronically stupid as far as this data is concerned.

Something to be said about being dumb.
 
but it shouldn't cost you anything if you're not using anything but a manual swiper and dial-pay - no computers, no electronic devices, etc....

You may want to check your processor on this. We use Elavon (NOVA) and even if I check a box that says I am compliant, there is a $35 admin fee. There are still PCI compliance requirements if you use a knuckle buster and carbon receipts in that you have to shred the merchant copies within x hrs, storage in a secure facility, etc.
 
We don't have any additional monthly fee, and I've not seen anything additional added for PCI. They also recommend keeping your copies as business records, and the secured storage bit is easy unless you've a store. We keep them in our records cabinet at home - which is locked.
 
We've had a dial-pay merchant account for over five years. This PCI compliance garbage is really just another rip off from the merchant's perspective, but it shouldn't cost you anything if you're not using anything but a manual swiper and dial-pay - no computers, no electronic devices, etc. The whole object of PCI compliance is about safeguarding electronic information so no one can get credit card data illegally. I've gone through the certification bit twice and never had to pay anything, since we're electronically stupid as far as this data is concerned.

Something to be said about being dumb.

That's correct, I work at a car dealership and process cards when I'm at shows. Upon receiving our letter regarding compliance I called our card processing company and they said as long as we are not processing and storing the data on a computer system it did not apply. No fees. If you've ever returned an item to Home-D, or Menards they credit back your card without having to see it.

Frank D
 
Steve, I literally just got off the phone a few minutes ago with my bank. I just canceled our merchants account which I have had since 1996. We got all this stuff in the mail months ago, and I was told that my secure website was not secure because the company that provided it was not approved. I could still take credit card information over the phone and in person though, so I changed my website to reflect that information, and continued on.

I have noticed though, that while my business continues to grow, the usage of credit cards has dwindled to the point of being insignificant. The vast majority of my web customers use PayPal, and those who want to put a card through can do it via PayPal. For tools, lessons, woodwork, turnings, etc, virtually every sale is one that has been discussed and planned with the customer, so I have almost no impulse purchases at all. The closest I get to that anymore is when I am teaching at a club somewhere, and even then they are planned to an extent. People will bring a blank check, or X number of dollars, and that is their limit.

So, I canceled my account. If I ever start doing shows again, perhaps I will start one up again, but for now it is just a drain on my bank balance. I don't know if this helps anyone, but I thought it interesting that I had just concluded the matter, and then signed in here for the first time in a week.
 
... we take orders over the web...

I know practically nothing about the subject, but it seems like taking orders over the web means that a computer is involved.

As a customer who buys things from small merchants at SWAT and sometimes club demos, the carbon paper thing is more of a concern than electronic transactions. I have seen carbons in and around trash cans -- it's almost like laying a credit card on the ground.

Bill's PayPal solution seems like a great idea. It is the solution used by most eBay merchants.
 
I know practically nothing about the subject, but it seems like taking orders over the web means that a computer is involved.

As a customer who buys things from small merchants at SWAT and sometimes club demos, the carbon paper thing is more of a concern than electronic transactions. I have seen carbons in and around trash cans -- it's almost like laying a credit card on the ground.

Bill's PayPal solution seems like a great idea. It is the solution used by most eBay merchants.

The PCI stuff has more to do with electronic than paper storage, although the latter is covered. For electronic, like Bill found out, it is the service provider that has to be compliant unless you host your own servers, like a large store would (think Best Buy, Walmart, maybe a Craft Supplies or that type). Because the servers would not have to be in house, they could be your servers at an internet provider site.
In my case, the data never touches my home (internal) network, and after reviewing my survey, I have gone back and become PCI compliant. But we will have to see if my provider is.

It is the type of thing, that as a consumer you appreciate, but as a small business, you dread. It is another monthly charge that eats away at continually shrinking profits.

Think about the guy selling a lathe, typically it is a lower profit margin than you would think, and you use a rewards card, so he gets hit for 4% on the transaction. It gets real tight.
 
My experience was exactly like Doug Thompson's, short questions over the phone and no monthly fee added............at least none YET.

I use a separate company (not my bank) and they seem fair with the % they take except for those danged Reward cards. I had to stop taking AmerEx and Dis because they raised their rates and told me I did not "generate enough business" for them! that's good :cool2: because they take more than Visa or MC.

The service charge is from IRN but I don't know if that's the actual company or the bank that processes the money exchange. The less I know, the happier I am! :D
 
....................
The vast majority of my web customers use PayPal, and those who want to put a card through can do it via PayPal. For tools, lessons, woodwork, turnings, etc, virtually every sale is one that has been discussed and planned with the customer, so I have almost no impulse purchases at all. .

Bill, doesn't PayPal charge fees, too? Are they less? When I get a payment through PayPal, it seems they take out more than the card company I'm using. Is that my imagination again?!?
 
Bill, doesn't PayPal charge fees, too? Are they less? When I get a payment through PayPal, it seems they take out more than the card company I'm using. Is that my imagination again?!?

Not the Bill who you are addressing, but I know that eBay sellers almost universally prefer PayPal (except for the dishonest ones) and many only accept PayPal. A couple years ago I looked at the PayPal fees for sellers and seem to recall that they were fairly low.
 
We looked into PayPal, and it certainly has advantages if the majority of your transactions are over the web. It's recognizable and quite secure for certain. The drawback is the 'hit' you take from them - much higher than what we've experienced with M&T.

All our card transactions are either in person at shows or over the telephone (sometimes after swapping emails). All dial-pay transactions are 'mail-order' (that's what the bank told us to use when I described how we operate and with manual swiping). A really busy show may have twenty to twenty five transactions a day, but we average between fifteen and twenty (roughly around $80 or so each). I call them in during slack times or in the evening. I've been sorely tempted to get an electronic store and forward device, but with this PCI thing, I'm happy with what we've got.
 
And, Ruth -

We only took Visa and MC until a month or so ago when M&T sent us a letter GIVING us Discover for no additional fee. We've had almost a thousand transactions in five years and I can't recall more than a half dozen sales lost because of not having AmEx or Discover.
 
And, Ruth -

We only took Visa and MC until a month or so ago when M&T sent us a letter GIVING us Discover for no additional fee. We've had almost a thousand transactions in five years and I can't recall more than a half dozen sales lost because of not having AmEx or Discover.

Walt, I think AmEx is getting a "reputation" because that's the only card customers say "you probably don't take AmEx, right?" There's a lot of places that won't take it. They give their card holders high-end rewards and we pay for every one of them!
 
I still don't take cards, and this discussion isn't likely to convince me to do so. I always check the locations of ATMs where I'm showing, and folks seem comfortable with my explanation for only taking cash. I tell them I'm cheating on my taxes, and don't want a paper trail. I put the piece aside, with their name on a card, and they come back with cash. Wonder if we couldn't convince the folks who organize the event to print locations of ATMs in the programs.

If you think this is fun, you should try HIPAA compliance.
 
Bill, doesn't PayPal charge fees, too? Are they less? When I get a payment through PayPal, it seems they take out more than the card company I'm using. Is that my imagination again?!?

Ruth, they do charge a fee, and it can be more than what the transaction fee is per transaction with my merchant's account. But, I take into account the monthly maintenance fee, which has been steadily climbing, and dividing it by the number of credit transactions I actually make during that month. In other words, I am taking into account the total cost per transaction, regardless of how the bank tries to disguise or distribute the costs.

Years ago when I was doing a number of shows per year, and I was getting lots of impulse buying, the merchant's account was a good thing. Now most of my sales are planned ahead of time, and people are writing checks or paying cash. When I take the total number of credit sales and factor in the maintenance fees, it gets a lot more expensive real fast. I don't care where the money goes, if it goes out of my pocket it is out of my pocket, whether to the bank, to PayPal, to the government or whatever. All that matters is that it cuts into my profit margin, and it is profits that keep us in business.
 
Cheating????

I still don't take cards, and this discussion isn't likely to convince me to do so. I always check the locations of ATMs where I'm showing, and folks seem comfortable with my explanation for only taking cash. I tell them I'm cheating on my taxes, and don't want a paper trail.


MICHAEL!!!!!!!! Hope this was tongue in cheek???!!!:D Gretch
 
PayPal has an option that allows you to take credit cards in whatever way you can get the number and enter it onto their system for payment. Cost is $30 per month. That has been a reasonable way to handle the miscellaneous transactions at shows, on-line, and telephone. I use a swiper at shows so I have their information, and they have a receipt. I don't have the ability to verify or do an instant credit check at a show, but it works for me.
 
There are other options out there besides merchant accounts. Companies like ProPay http://epay.propay.com/ do a reasonable way of taking credit cards. It works out to a monthly fee of $5 and a transaction fee of $.35 and approx. 3%. It works well for those who are starting out, or who just do a few shows a year. You can dial them in for immediate confirmation or type them in at the web site at a later time.

They have worked well for me.
 
There are other options out there besides merchant accounts. Companies like ProPay http://epay.propay.com/ do a reasonable way of taking credit cards. It works out to a monthly fee of $5 and a transaction fee of $.35 and approx. 3%. It works well for those who are starting out, or who just do a few shows a year. You can dial them in for immediate confirmation or type them in at the web site at a later time.

They have worked well for me.
ProPay is also who I use. I do few enough shows per year that the higher per-transaction cost is more than offset by the much lower monthly fees.
 
I'm currently involved at work in helping meet PCI compliancy because we do store credit card info. In short, PCI came about from major credit card companies, and helps reduce your liability if you store credit card info on your computer. If you store CC info, are not compliant, and get hacked, the fines are steep and you'll lose the ability to accept credit card transactions. If you are compliant, you get reduced rates, and the liability is reduced. I also believe that twice a year, an outside source has to do a security scan to see if you are meeting PCI compliancy. The part I'm involved in is the network security portion and the selection of a File Integrity Monitoring software. Here are some links

http://www.pcicomplianceguide.org/
http://www.pcicomplianceguide.org/merchants-20090416-cost-data-breach.php

https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml

Question Forms:
https://www.pcisecuritystandards.org/saq/instructions_dss.shtml#instructions

If you store credit card data:
https://www.pcisecuritystandards.org/docs/pci_saq_d.doc
 
Although I posted several comments on my current (now former) provider, I've just found out that Metavante, the major clearing house for merchant accounts, has changed its policy for completely manual folks like my wife and I. We have only used a knuckle buster for eight years and I went through the first compliance bit without any problems, printed out my certificate and then called Metavante. The customer service person I talked to told me that I wouldn't have to worry about PCI as long as we stayed completely manual with securely stored paper only records.

Our last statement hit our bank account for non-compliance and an annual compliance fee (why one for non-compliance and the other for compliance?) for a total of $100. When I called Metavante (took over three hours to actually talk to someone since they've been bought out and merged with someone else and most of their lines don't ring), I was told I had been 'misinformed' and that I had to pay the fees because we WEREN'T electronic and thus could not be certified as compliant.

I could go on for some time about what I now believe the whole PCI bit is about, but I can guarantee you security is one of their last concerns - otherwise, why only a $25 monthly fee for being non-compliant? No big retail store will worry about that. Just another way to get more revenue.
 