Got a letter from my merchant credit card processing company that does not seem to pass the smell test. The letter states that Mastercard/Visa/Discover etc. are requiring all merchants to be PCI/DSS compliant and that to do so I need to pay a $150.00 annual fee to a company called Security metrics. Furthermore there could be additional fees of $25.00 or more assessed by the merchant processors. The whole thing looks like a scam. My merchant processor says he knows about the letter and he will see what he can do. Does anyone out there know about crap?
fill out a SAQ and you're compliant (if the answers are not "yes, we hand other customers' credit card numbers to anyone that asks")
mastercard/visa are requiring outside auditors for high tier merchants (eg. WalMart.com, TJ Maxx, etc), but frequently
change processing company if they're requiring it of you
posted: Nov. 12, 2009 @ 5:06p
It probably is not that simple if OP has a website.
posted: Nov. 12, 2009 @ 5:31p
you'd be surprised how bullshit PCI-DSS really is.
posted: Nov. 12, 2009 @ 5:57p
juliox said: you'd be surprised how bullshit PCI-DSS really is.
BS or not, the OP may still be legally required to comply or face charges. Whether or not he falls under the "must comply" category is up in the air.
posted: Nov. 12, 2009 @ 6:04p
It's BS. They made me fill out a questionnaire or something. If they want $150 from you change providers. I'm with First Data and haven't yet gotten one of these.
posted: Nov. 12, 2009 @ 11:01p
I think it's a First Data BS charge, after I changed to Nova/Elavon I haven't had to deal with it.
posted: Nov. 12, 2009 @ 11:34p
t60 said: BS or not, the OP may still be legally required to comply or face charges. Whether or not he falls under the "must comply" category is up in the air.
This response shows that you have no idea what PCI is. This isn't SOX, this isn't a legal requirement, there is no jail time or charges for not upholding the PCI Data Security Standard.
Specifically, this is a requirement by the CREDIT CARD companies. Some states have taken small subsets of PCI and made them law - for example NY no longer allowing you to print credit card numbers on receipts as of 2002/2003 (before PCI existed...)
So the reason I said he doesn't need to do it is reinforced by the link below: http://usa.visa.com/merchants/risk_management/cisp_merchants.html
Unless he already knows what PCI is, the OP does NOT fall ABOVE Level 4, defined as: Merchants processing less than 20,000 Visa e-commerce transactions annually and all other merchants processing up to 1 million Visa transactions annually
And the requirements for a level 4: Annual SAQ recommended; Quarterly network scan by ASV if applicable; Compliance validation requirements set by acquirer.
In this case - this $150 fee and the associated 5 minute phone call from the auditor is possibly that "Compliance validation requirements set by acquirer", which would be your processing company. You can consider this fee $150 extra merchant processing fees for the year, as it is in no way legally required - you really need nothing at all at level 4.
posted: Nov. 13, 2009 @ 2:02a
nhokt said: I think it's a First Data BS charge, after I changed to Nova/Elavon I haven't had to deal with it.
I got this same letter from Elavon about a month ago. We have 4 accounts with them, but we only got the letter on one account.
posted: Nov. 13, 2009 @ 3:33a
Usually the merchant has an account with the audit company and covers the bill. I have yet to get charged for security metrics. You should be assessed the fee/fine (~$25) if you are not PCI certified.
posted: Nov. 13, 2009 @ 10:49a
If you are not PCI compliant, they will hold you responsible for damages for a breach. Without knowing how much you process, where you process (terminal vs software vs internet), we won't know the level and whether or not it's required.
If anything holding cardholder data touches the internet, you need to have a quarterly scan. You also need to follow whatever your processor wants, pretty much, or find a new one.
posted: Nov. 14, 2009 @ 12:36p
I use pccharge software to process customer charges. We are a B2B company. We do not process more than 20K transactions per year. We have a decent average order but we probably do no more than 5000 transactions per year. I appreciate any comments. This stuff is getting to be total BS. I am getting very tired of overcharges and nonsense from my processor who "isn't making any money on me" (according to him very little money).
posted: Nov. 14, 2009 @ 4:11p
robertw477 said: I am getting very tired of overcharges and nonsense from my processor who "isn't making any money on me" (according to him very little money).
Can you change vendors? That's one of the most aggravating comments that a vendor can say to you. First, it shows that they aren't even pretending anymore that they're in the business to serve you. That's bad. Their customer service will be terrible. And they're going to try and nickel and dime you to death.
There are other companies that'll be happy to take your money, and make you feel good doing so. I'd go with them.
posted: Nov. 15, 2009 @ 3:58p
All these merchant companies are shady. Tons of bait and switch. All sorts of bs charges. They always claim that mastercard and visa are raising their rates etc. Totally aggravating. All these banks try to get my business but once I ask a few tough questions they usually get lost.
posted: Jan. 28, 2010 @ 11:18p
It all seems to be crap. You don't have to pay anything. Merchant account maintenance does not require or include any processing or monitoring fees.