If you take credit cards in your billing program

you need to read http://www.virtualmin.com/documentation/id,pci_compliant/

I just wrote this to help others that need to become PCI Compliant as this will be enforced June 2009.

To be short, if you have your own billing program like WHMCS and you take credit cards, you must be PCI compliant by the end of May 2009 or face fines and your merchant account disabled.

If you only take PayPal or any other like services you do not need to follow this. This excludes PayPal Payflow, which is still a virtual credit card terminal, and you must be PCI Compliant.

nice writeup… I don't understand why you need to disable imaps and pops though - surely logging in via ssl is more secure than sending passwords plain text?

This is WorldWide and not just North America.

a). Credit card companies cannot levy fines.


b). There is no such thing as a law that is applicable ‘worldwide’.

That said, credit card companies do have the power to close your merchant account with their (and only their) particular credit card brand, obviously. :slight_smile:

Credit card companies levy the fines against the bank processor who in turn levies the fine against you and/or disables your merchant account.

Yes, there is such a thing as worldwide, seeing that VISA is worldwide and therefore can enforce their agreements. PCI is a worldwide standard; if you don’t think it is, email them and tell them they lie.

Only takes a bit of thinking to understand that.

cyberthom wrote:

nice writeup.. I don't understand why you need to disable imaps and pops though - surely logging in via ssl is more secure than sending passwords plain text?

Which is why ftp should not be used unless absolutely necessary and only using TLS. And disable every program you do not need. The less running the better you are.

Yeah, another industry "Shakedown".

They tried it a few years ago and so many people called the various industry scammers involved (such as First Data Corp) to complain about all the BS that the entire (US) merchant processing industry realized they weren’t going to be successful enforcing it and had to give up the scam!

Most of the industry players who voted to try this on us were also trying to sell $900 “website compliance audits” and etc… But if they had kept at it they’d have had no small customers left because nobody could afford to implement the compliance they wanted.

I intend to ignore it and complain loudly to whomever tries to do the finger shaking.

In the worst case scenario, it’s unlikely they would cancel your account… hehe… that’s how they make their money… no, instead, they will just threaten to cancel it then the transactions will “degrade”, ie., they’ll use this as an excuse to charge you more for the transactions in question.

Besides, If they don’t want your money just use overseas processors… Perhaps you are young or perhaps new to the business world, but trust me, overseas processors don’t care what phony “regulations” industry players in the US are trying to puff up by creating the illusion that they exist. They don’t. If that were true, you’d never be able to process Visa transactions in the very countries where most Visa transactions originate from and are processed in! There’s ALWAYS somebody out there who will be more than happy to swim in your upstream and fish in your downstream!

It’s all BS.

My processor didn’t even warn me. They took $129 out of my account and sent a notice in email that I had until end of May to comply or my merchant account would be closed. At least it was only $129 and not the thousands others have been scammed from and getting PCI compliant for me is rather easy to do.

HAHA… well, that shows you what an anti-regulation old man I am… I just went and read your write up. Actually those look like rules everybody should probably already be compliant with, not the more ridiculous ones they tried to play on us a few years ago.

All in all, though, I still agree with my cynical post of a few minutes ago… this is just another step by the industry to grant themselves unlimited authority to degrade your transactions.


Figures… so, they RETROACTIVELY degraded your transactions?

I’d sue them.

Who’s your processor and provider if you know?

I called VISA and bitched them out for scamming merchants like. I told them this is exactly like strong arm robbery and that is a felony, so what makes them above the law.

Oh and I have no time to find out overseas processors anyways. If I knew of any off the bat that took US clients I would go there.

Maybe that is something we should have in the wiki ?

1st National Processor out of Calabasas, California

Oh and my transactions were never degraded. At least I don’t see anything odd in my statements from them.

I don’t know anyone that actually likes the merchant services industry. :wink:

I think that as soon as we’re able we’re going to move all of our transactions to Amazon payments, PayPal, and Google Checkout, and not use Authorize.net and merchant services at all. The rates for Amazon and Google Checkout are actually better than what we get from our merchant provider, anyway. PayPal is more expensive than I like, but at least the level of fraud is dramatically lower (almost zero), so it saves us time. And all of those companies care at least a little bit about customer service and treating their customers like human beings. The merchant services industry is just hateful to buyers and sellers alike, and the sooner we’re rid of them the better, as far as I’m concerned.

OUTRAGEOUS. YES, it is EXACTLY that… a scam… they’ve done this in the past as well… and the entire industry just loves to jump on the bandwagon.

The amount they hit you for probably isn’t worth suing for and they know it… but it’s unlikely they’ll cancel your account if they are profiting from it, instead, they will just find a way to “offer” you transactions processed at a new, crappy degraded rate.

Welcome to the scummy scummy business world!

I assume the $100+ bucks they hit you for was to retroactively degrade transactions they processed this year at a better rate to a worse rate… that’s a guess, but a good one, because I know for a fact that’s how they operated in the past with several of us…

I thought Google was more than normal processors?

Currently I am paying 2.2% on all visa, mc and discover charges and pay a flat fee of $5.95 with AMEX.

I don’t do a ton of business - only about $4,000 a month but I have a lot of expenses as well. $1500 for servers and related stuff and I have a part time employee plus my normal business expenses so my real profit per month is maybe $700-900 on a good month.

I don’t think any of my transactions were degraded. I just looked at all my statements for the past year and the rates have not changed.

I thought Google was more than normal processors?

Currently I am paying 2.2% on all visa, mc and discover charges and pay a flat fee of $5.95 with AMEX.

You’re getting a much better rate than we are, on average. We get a range of rates based on several variables, but we end up paying the highest rate most of the time, since our customer base is remote, we never have card present or a signature or even a telephone confirmation, our current shopping cart and Authorize.net can’t selectively do address verification (and international cards never pass address verification, so we can’t turn it on for everyone or we’d end up turning away 50% of our business). Anyway, we pay about 3.75%+$0.30 for most of our transactions, though the low end of our rate is 2.mumble%.

If the process of setting up a merchant services account wasn’t such a damned nuisance, I’d shop around some. But, the whole business is stuck in 1986. Everything has to be done via fax or phone or mail. It’s crazy and the kind of thing that just makes me feel angry and frustrated whenever I have to deal with it.

The rates at Amazon are actually pretty good, and they also handle fraud better. I’m leaning that way, though our new shopping cart doesn’t have support for it yet. I’ve pinged the developers to see if we can encourage them to add it.

This was the best processor I could find out there so far -> http://www.advancedmerchantgroup.com/ with the best rates if you're interested. Talk/email to Errick, he is my contact there and it's a family-run one so you get a better response from them.

I got set up in less than a day too. If you do get a merchant account with them tell them I sent you so I can get a finder's fee LOL