Payments - PCI Compliance

PCI compliance is a security process to ensure cardholder data remains secure. For payment integrations with Global Payments (OpenEdge), CardConnect, Square, or PayPal, the card data passes directly from the client to the merchant provider. For others (Authorize.net, PayJunction), the card data passes through our server before reaching the merchant gateway, so even though we don't store the card details, it would be deemed non-compliant. The latest PCI requirements may require a website scan to take place.

Many merchant providers charge a PCI compliance fee or non-compliance fee. Sometimes they tell you it's because you aren't compliant, and sometimes they tell you the fee is passed on to you to cover their own costs of being PCI compliant. Either way, it never hurts to call your merchant provider and ask whether you can avoid those fees.


Global Payments (OpenEdge)

To avoid a monthly non-compliance fee showing up on your merchant account statement, please read the following. You'll need to fill out the questionnaire when you first start, and then also annually (you should get an email notifying you of this). You'll also have to have a quarterly website scan.

Overview:

1. Go to https://pciassure.gpndi.com/ and log in
2. Answer the basic info about your business
3. Payment Related Services: No
4. Processing Method, choose: Processing using a shopping cart
4a. Shopping Cart: Payment page entirely outsourced

5. For the company policy, choose 'I do not have one, I will implement template'
6. For the website scan, enter your website domain name (or use https://rental.software if not using our WordPress integration). Click 'Scan site', then wait for an email in a few days to resolve issues.

7. The scan results will need manual intervention to resolve:
- Mark related hosts to 'No'
- In special requests, mark all as 'securely implemented'
- In the vulnerabilities, filter by PCI compliant 'No', and mark as false positive with the reason: security patches are applied nightly

Video walk-through: 
https://www.loom.com/share/ff13f30204c04cac9fe9c2d...



CardConnect

SecureTrust is their compliance partner. You can reach them at 877-257-0239. You'll need your merchant number. When they ask you how you accept payments, you need to answer as follows: "I use CardConnect's Hosted iFrame tokenizer."

Below is a guide to accurately answer the CardConnect PCI questionnaire. 
https://rental.software/docs/CardConnect-PCI-Guide...



Square & PayPal

No action is needed.
