WHAT IS PCI COMPLIANCE?

An interview from the archives of Mountain Media, parent company of Web Payment Software.

Dani: “Hi everyone I’m Dani Stein and we’re here today with Taunia Kipp from Mountain Media who is a Level 2 PCI-Compliant service provider. Now if you don’t know what PCI Compliance is, don’t worry neither do I yet, that’s why Taunia is here. She’s going to be clearing up a little bit about PCI compliance for us. So, Taunia obviously a lot of confusion surrounding what PCI compliance is. Can you explain it for us?”

Taunia: “Well, PCI stands for the Payment Card Industry. So, when we talk about PCI compliance we’re talking about the Payment Card Industry’s data security standards, also known as the PCI DSS. And I’ll apologize in advance: there are a lot of acronyms in this space, so I’ll try to explain them as best as I can. The PCI DSS or the data security standards are a set of requirements that were designed in order to ensure that organizations who handle – organizations or merchants – who handle credit card data, maintain a secure environment. And of course, that’s to protect consumers from credit card fraud, hacks and breaches.”

Dani: “So we know who it benefits: the consumers. Now to whom does PCI compliance apply?”

Taunia: “Okay well, PCI compliance applies to any merchant or organization who accept, transmit or store credit card data. So, it doesn’t matter the volume of transactions that they perform on a regular basis nor which method they utilize for accepting a credit card whether it’s in a physical store location or online for example or telephone. PCI applies to all.”

Dani: “Now Mountain Media is an ecommerce provider for online merchants. So now if I’m an online merchant and I have my SSL certificate for my website does that necessarily mean that I am PCI compliant?”

Taunia: “It does not, and there’s a lot of confusion there. While an online merchant of course wants to have an SSL certificate for their website which is a secure socket layer, does not, that is not going to prevent your web servers from malicious attacks. And there are a whole lot of other requirements that go into becoming PCI compliant versus just having an SSL on your website.”

Dani: “So I am this online merchant. I have a third-party service provider like Mountain Media, who is PCI-compliant, why then do I have to be PCI-compliant?”

Taunia: “Well, merely using a third-party provider who is, or a third-party company of any type that is compliant does not exclude the merchant from being PCI compliant as well. Mountain Media, you know, working with a company like us who is a Level 2 service provider is obviously going to reduce your risk and exposure and also ultimately make it much easier to validate your compliance as a merchant working with a company like ours. There are requirements that you as a merchant have to abide by as well to become, to be PCI-compliant.”

Dani: “So there are actually different standards with PCI compliance. Who enforces these standards?”

Taunia: “Okay, well the Payment Card Industry data security standards are maintained and administered by the Payment Card Industry’s Security Standards Council. Or the PCI, let’s see, SSC – there’s another acronym for you – the Security Standards Council was created by the five major credit card brands which are Visa, Mastercard, American Express, JCB and Discover. That independent organization has a website where you can get a lot of this information and they can help you through the process. And that is the pcisecuritystandards.org.”

Dani: “Now there are different levels of PCI compliance along with those standards. Explain a little bit about those levels and who they apply to.”

Taunia: “Okay, well all merchants are going to fall into one of four different levels and they have to do with the aggregate number of Visa transactions that you transmit or accept annually. A Level 1 merchant for example is a merchant who is processing more than six million Visa transactions annually. Obviously, these are some very large organizations. In Level 1 that’s regardless of the acceptance channel. So, in other words that can be online on their website, a face-to-face credit card transaction such as a brick-and-mortar store, over the phone, by mail, et cetera. Level 2 similarly to Level 1 applies to no matter what the acceptance channel and that is for one million to six million credit card transactions annually. And then we get into Level 3 and Level 4 merchants which are primarily the size of merchant that a company like Mountain Media would deal with, and has to do with e-commerce. A Level 3 merchant processes between twenty thousand and one million Visa transactions annually and those can be of the e-commerce nature. And a Level 4, which is probably the most popular in the US as this is your small to mid-size merchant, processes fewer than twenty thousand credit card transactions annually. When it comes to those levels – 1 through 4 – it’s important to mention that the validation of compliance process is different. So, Level 1 and a Level 2 merchant are required to have an onsite audit and there needs to be submission of a Report of Compliance which is also known as a ROC – an R, O, C. So, they have to submit a ROC and actually have an independent auditor come out and audit their site. Similarly to what a company like Mountain Media has to have as a service level provider who is trying to become compliant. And then Level 3 and Level 4 merchants are able to complete what’s called an SAQ or a Self-Assessment Questionnaire.
A Self-Assessment Questionnaire means that you are performing your compliance in-house and that you are also attesting to the fact that you are within compliance in house. And that’s called the SAQ, or Self-Assessment Questionnaire and hopefully we can talk about that a little more in-depth in the future.”

Dani: “Okay, so Taunia Kipp of Mountain Media here today explaining a little bit more about PCI Compliance. Taunia, it sounds like there’s still a lot left to explain about the different levels of compliance so we’d be happy to have you back for another video segment very soon.”

Taunia: “Great. I’d love to.”

How To Reconcile a Merchant Account Statement

So, you’re accepting online payments now and sales are rocketing. But, are you actually receiving all that cash? Are any of these payments being disputed? Are the fees charged by your credit card processor accurate and appropriate? Finally, are any of these payments suspicious or fraudulent?

If you answered, “Hmm, I’m not sure” to any of these questions, then you need to start reconciling your monthly merchant account statements. Spending fifteen to thirty minutes a month performing this crucial activity will not only give you peace of mind, it could save you a great deal of money.

Below I’ve outlined the basics of reconciling the merchant account statement and included a link to a pretty cool, color-coded template for you to use as a tool in the process. Give it a read, and in no time at all you’ll be confidently tallying up those credit card sales figures knowing that the money’s in the bank.

The Basics of Merchant Account Reconciliation

Know your “End Game”
In other words, what are you trying to accomplish by performing this monthly task?
Very simply, you want to see agreement between the payments coming through your payment page and the amounts reported to you by your credit card processor(s) and on your bank statement.

The Process

STEP 1: Gather the necessary documents.

  • Daily Web Payment Software™ reports (settlements, reversals, credits)
  • Sales journal/ledgers
  • Merchant Account statement
  • Bank statement
  • Merchant Bank Agreement

Some tips about documentation:

1. In Web Payment Software you can print or download transaction reports for any time period by transaction type and by payment page. You can download in spreadsheet format so it can be imported directly into the reconciliation template.

2. Most merchant account and bank statements can also be downloaded in spreadsheet format.

STEP 2: Compare monthly totals per the Web Payment Software reports to the amounts recorded in your sales records. Do they agree? Were any amounts missed or recorded twice? Were credits and reversals properly reflected in the sales accounts? Make note of any payments settled on the last few days of the month as these amounts may create a “timing difference” in the reconciliation process. A timing difference is a temporary difference between amounts per one source of information (e.g. a sales journal) and another (e.g. a bank statement). For example, say you sell a widget on Tuesday and your customer pays you by credit card. You immediately record the sale in your accounting system. However, the money doesn’t actually reach your bank account until Friday. Now, if Tuesday was the last day of the month, your sales amount for the month would not equal your cash receipts for that same month. That Tuesday sale would be a reconciling item termed a timing difference.

STEP 3: Carefully review the merchant account statement to confirm that all credit card transactions have been included and are accurate. Also review the fees charged. Are they in accordance with your agreement? Are there any fees you do not recognize?

Tip: Two fees that can easily be eliminated are “statement” and “PCI non-compliant” fees. Some merchant banks (American Express being one) charge to print and mail you a monthly paper statement. You can sign up for online-only statements and save yourself up to $10 a month. Most, if not all, merchant banks will add a monthly fee if your website does not maintain its PCI (Payment Card Industry) compliant status. When you use Web Payment Software, the great guys at Mountain Media can assist with your PCI DSS certification.

STEP 4: Using the Reconciliation Template from this article (or one you’ve created yourself), complete all the gray-shaded cells with data from the documents gathered in STEP 1. As noted in the tips above, the daily credit card activity section can either be imported or cut-and-pasted from the Web Payment Software spreadsheet download.

STEP 5: Review the RECORDS COMPARISON SECTION of the template, complete the DIFFERENCES ANALYSIS SECTION, and investigate any differences that are not timing issues.

STEP 6: Relax and bask in the knowledge that your money IS in the bank (or on its way).
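The comparison in STEPs 2 to 5, sketched as an added example (it is not part of the original article or of the Web Payment Software template): it matches payment-page records against merchant statement lines and labels each difference, including the timing differences described in STEP 2 and the fee review in STEP 3. The record layout, sample data, three-day month-end window and fee names are constructed assumptions.

```python
from collections import Counter
from datetime import date, timedelta
from decimal import Decimal

# Constructed sample data (not from the original page).
GATEWAY = [  # (transaction id, settlement date, amount) per the payment-page report
    ("T1001", date(2024, 1, 5), Decimal("120.00")),
    ("T1002", date(2024, 1, 17), Decimal("45.50")),
    ("T1003", date(2024, 1, 31), Decimal("300.00")),  # settled on the last day of the month
    ("T1004", date(2024, 1, 12), Decimal("80.00")),
]
STATEMENT = [  # (transaction id, amount) per the merchant account statement
    ("T1001", Decimal("120.00")),
    ("T1002", Decimal("45.50")),
    ("T1002", Decimal("45.50")),   # recorded twice
    ("T1004", Decimal("8.00")),    # amount disagrees with the gateway
    ("T9999", Decimal("999.00")),  # never went through the payment page
]
FEES_CHARGED = {"discount": Decimal("12.10"), "statement": Decimal("10.00"), "pci_non_compliance": Decimal("19.95")}
FEES_AGREED = {"discount", "statement"}  # hypothetical: fee types listed in the merchant agreement

def reconcile(gateway, statement, month_end, grace_days=3):
    """Classify every difference between gateway records and the statement."""
    findings = []
    gw = {tid: (day, amt) for tid, day, amt in gateway}
    counts = Counter(tid for tid, _ in statement)
    st = dict(statement)
    for tid, (day, amt) in gw.items():
        if tid not in st:
            # Payments settled in the last few days may simply land on next month's statement.
            late = day > month_end - timedelta(days=grace_days)
            findings.append(("timing_difference" if late else "missing_from_statement", tid))
        elif st[tid] != amt:
            findings.append(("amount_mismatch", tid))
    for tid, n in counts.items():
        if tid not in gw:
            findings.append(("unknown_transaction", tid))
        elif n > 1:
            findings.append(("duplicate_on_statement", tid))
    return sorted(findings)

def unexpected_fees(charged, agreed):
    """Fee types on the statement that the merchant agreement does not list."""
    return sorted(name for name in charged if name not in agreed)

if __name__ == "__main__":
    for kind, tid in reconcile(GATEWAY, STATEMENT, month_end=date(2024, 1, 31)):
        print(kind, tid)
    print("fees to query:", unexpected_fees(FEES_CHARGED, FEES_AGREED))
```

Anything labelled `unknown_transaction`, `amount_mismatch` or `missing_from_statement` is a difference that is not a timing issue and needs investigating; `timing_difference` items should clear on the following month's statement.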


Web Payment Software offers some of the best online merchant account rates in the industry. Please contact us for a free quote.

 

Online Event Registration Comparison



Event Registration Doesn’t Have to Be Expensive

Event registration doesn’t have to be so expensive. Most of the services out there get you when you’re coming and you’re going, meaning they charge you a fee for each registrant of up to $5.00 and then charge astronomical credit card fees of 5.0 – 6.0%. This seems like gouging to me. Web Payment Software is a solution that has a small monthly fee of $15.99. We set you up with a merchant account that costs $10 per month and your processing rate would vary from 0.35% to 2.7%. One WPS client saw a total expense of 1.97% for their total online events registration fees. The 1.97% included the $15.99 WPS fee and the $10 merchant statement fee.

There are some pretty fancy platforms out there, we will give you that, but you don’t have to pay way too much for your event registration services. Learn how Web Payment Software has been saving our clients thousands of dollars for online event registration services.

Click here to use an interactive tool for comparing prices of event registration platforms.

Payment Pages for Political Action Committees

Collecting funds for your Political Action Committee (PAC) can be hard work. Web Payment Software’s payment page solutions can make this process as painless as possible. No matter the campaign, Web Payment Software’s payment pages can streamline the process of accepting donations. Our secure payment pages let you brand and configure public-facing payment pages which are hosted in our secure data center, saving you the hassle of strict PCI DSS regulations. Supporters will be able to donate to your PAC and pay by credit card on simple, effective, secure pages. Finally, upon a successful donation, both the administrator and the donor will receive email notifications. Curious? Take a look at a few examples over on our website!

Email or call us today to schedule your demo now!

Also see: how to accept donations online