Payments - PCI Compliance

PCI compliance is an important security measure to protect credit card data. If your payment integration is with Global Payments (OpenEdge), CardConnect, Square, or PayPal, these integrations are automatically PCI compliant because the card data passes directly from the client to the merchant provider. For others (, PayJunction), the card data runs through our server before passing to the merchant gateway, so even though we don't store the card details, it would be deemed non-compliant.

Many merchant providers charge a PCI compliance fee or non-compliance fee. Sometimes they tell you it's because you aren't compliant and sometimes they tell you the fee is passed on to you to cover their own costs to be PCI compliant. Either way, it never hurts to call and ask your merchant provider to see if you can avoid those fees.

Global Payments (OpenEdge)

To avoid a monthly non-compliance fee showing up on your merchant account statement, please read the following. You'll need to fill out the questionnaire when you first start, and then also annually (you should get an email notifying you of this).

If you are getting the monthly fee and can't find the necessary emails:
1. Get your Merchant ID
2. Call ControlScan at 800-370-9180
3. Fill out the questionnaire they provide (see here to make sure you get the shorter version)
4. When asked about Processing Method, be sure to choose the 'Payment page outsourced to third-party provider' option

CardConnect

SecureTrust is their compliance partner. You can reach them at 877-257-0239. You'll need your merchant number. When they ask you how you accept payments, you need to answer as follows: "I use CardConnect's Hosted iFrame tokenizer."

Below is a guide to accurately answer the CardConnect PCI questionnaire.

Square & PayPal

No action is needed.
