| 4:40 pm on Jan 7, 2005 (gmt 0)|
I have a couple of clients that do things this way. They just pick the orders up from a secure server and then use a Streamline machine (from RBS/Natwest) to process the orders.
Haven't heard that they have any problems with this.
| 4:44 pm on Jan 7, 2005 (gmt 0)|
Thanks for that.
Do you know if they have informed their bank?
| 5:03 pm on Jan 7, 2005 (gmt 0)|
I do exactly the same using Barclaycard Merchant Services. I told them i do it and they don't have a problem with it. As long as everthing is secure then they are fine.
| 5:08 pm on Jan 7, 2005 (gmt 0)|
|Do you know if they have informed their bank? |
Knowing the people involved, I have no doubt that everything is above board. Best idea is to chat with the bank in question and ask how the land lies.
| 6:44 pm on Jan 8, 2005 (gmt 0)|
Thanks you two - good news!
| 1:07 am on Jan 9, 2005 (gmt 0)|
We setup our online store last month using natwest streamline , and if we have a merchant account already for a terminal we still needed another merchant account for proccessing internet orders even if we were going to enter them through the terminal rather than using an online payment proccessor.
| 9:49 am on Jan 9, 2005 (gmt 0)|
It seems the banks always try to get some more money out of you for the perceived *higher risk* of internet orders. Were Natwest happy for you to process offline and did you choose this route or have you used a PSP?
| 3:48 pm on Jan 9, 2005 (gmt 0)|
We process all of our credit credit cards manually, for a couple of reasons, and we process tens of thousands of them.
Why, it is easier to detect fraud. When you add the human element it defeats the fraudsters. In 5 years of ecommerce we have yet to be burned. Plus, the less declined transactions you have the better rate you get from the banks, at least here in North America. So it really pays for itself.
| 6:33 pm on Jan 9, 2005 (gmt 0)|
Just check that the account is authorized to accept
"cardholder not present" transactions, if so you are OK.
Worth checking because if not you are in violation of terms and could lose your merchant facilities.
I manually process mail orders myself, 1000's a year.
| 9:02 am on Jan 10, 2005 (gmt 0)|
>>Just check that the account is authorized to accept
>>"cardholder not present" transactions, if so you are OK.
>>Worth checking because if not you are in violation of terms and could lose your merchant facilities.
>>I manually process mail orders myself, 1000's a year.
Not sure if it's as simple as that. My clients can take payments over the phone - "CNP". But mention taking payments from the internet and it seems their bank gets awkward. I would say that even if you currently take CNP payments you still have to get additional approval for internet transactions.
May I ask what bank you are using - as that's really what I need to find, a list of UK banks that allow secure offline processing.
| 5:48 pm on Jan 22, 2005 (gmt 0)|
Can anyone else in the UK relate to this?
| 10:35 pm on Jan 23, 2005 (gmt 0)|
Natwest didn't insist that we use a payment proccesor although they did do a good job of trying to push to using worldpay (which is part of the bank of scotland group that owns natwest), but we decided to go with a payment proccesor which was protx.com , mainly because I didn't want to punch numbers in all day for orders.
| 10:40 pm on Jan 23, 2005 (gmt 0)|
Streamline were quite happy for you take the card details online and manually key them into your POS terminal?
You had to open a second merchant acount for the online orders though yes?
I'm in the UK with Streamline for customer present stuff too so just curious.
| 9:37 am on Jan 24, 2005 (gmt 0)|
One of my UK clients processes all credit cards offline although their bank, Natwest Streamline, insisted they would need a new merchant account for online orders. This new account came with a higher fee.
In the end they decided to push it for as long as they could and process the orders as CNP telephone orders. They will be moving to an online processor soon, probably Protx, and the higher fee account - but this is mainly down to volume of orders rather than the bank forcing them.
If you do decide to process offline then you should note that there is an extra requirement if you collect the 3 digit code off the back of the card. This code cannot be stored any longer than it takes to process the payment.
| 11:12 pm on Jan 25, 2005 (gmt 0)|
All my clients process offline and as I think has been said, it does depend on the bank. Cardnet,(lloydstsb) do require you to have a merchant account for internet processed orders but the costs seem to be the same as CNP telephone orders. I have a customer who has both as his bookshop processes both internet and telephone orders.
It is very difficult for the bank to tell how you got the order, it would require a customer to make a complaint that they didn't make a telephone order. Why would they do this if they had ordered online and your company shows up on the credit card statement.
I have a second customer who said stuff the bank and just paid for the one account .. he's been trading for two years processing both telephone and internet orders through the same account with no problems.
He is however strictly breaking the rules.
| 9:35 am on Jan 26, 2005 (gmt 0)|
Interestingly when I spoke to Cardnet they insisted I process automatically using a PSP and said they do not allow transactions to be keyed manually.
I explained the details would all be captured under an SSL and kept secure - and said this must be as safe as someone giving out their CC details in a busy office over the phone for them to be written on a scrap of paper at the other end!
They still said they don't allow offline processing and recommended a payment service provider who I contacted - their basic service started at £3000+ per year!?! I explained for 2 or 3 orders a week it was just not worth it...
| 11:16 am on Jan 26, 2005 (gmt 0)|
I'm with Barclays Merchant Services, I simply ensured my account was verified for CNP transactions and just process everything manually and take details anyway I want.
The process may be more difficult nowadays though.
| 12:17 pm on Jan 26, 2005 (gmt 0)|
I'm with HSBC, we have a terminal for 'cardholder present' transactions.
For mailorder, phone or manually entered internet orders (i.e. cardholder not present) we have a seperate account with access to the HSBC website. We enter the card details, address etc. and are given an immediate decision accept/decline/fraud check.
Works pretty well once you get used to it - but the monthly fee is high.
| 3:41 pm on Jan 26, 2005 (gmt 0)|
I use the HSBC program as well but don't you find it irritating? It's too complicated to let junior staff use and we get a fair amount of phone calls to say that the site wouldn't process customers orders so then we have to process them over the phone. Hardly an improved internet shopping experience for the customer.
It works (mostly) but I wouldn't recommend it.
| 9:33 pm on Jan 26, 2005 (gmt 0)|
|I use the HSBC program as well but don't you find it irritating? |
But until we find something better and cheaper we'll stick with it.
| 7:57 am on Jan 28, 2005 (gmt 0)|
"If you do decide to process offline then you should note that there is an extra requirement if you collect the 3 digit code off the back of the card. This code cannot be stored any longer than it takes to process the payment. "
How is this practically possible? We receive orders by mail (letter), mail (pre-printed order form), telephone, fax and email. Are we expected to blot out the CVV code in some way after the transaction has been processed?
We are naturally authorised to process MOTO (card holder not present) transactions. With mail order and fax you get the cardholder's signature. But how is an email less secure than a telephone order? Neither provide a signature?
In fact telephone orders are in theory insecure - I realised that if another customer is in the shop and a telephone order came in the details were repeated back to the phone customer and could be overheard by the shop customer!
We are a small business and do not have our own server, we use an ISP. This means that SSL is also insecure, as decryption is done on the remote server
and the information sent on to us in plain text. But who really believes that a crook is tapping their telephone line (unless you are a bank of course!).
| 5:09 pm on Jan 30, 2005 (gmt 0)|
Just checked out the HSBC offerings (even though I see people have a few reservations) - but it looks like all their services require you to have held an HSBC Business Account for at least a year!
That's another option out...
| 3:05 pm on Feb 1, 2005 (gmt 0)|
I Have a related question, when taking orders over the net for manual offline processing, is there any manual way of doing AVS? Can you ring up Visa, for example, explain that you are a merchant and ask them to confirm the cardholders billing address is correct? The reason I ask is that I have an order here which has a UK billing & Shipping address, UK Phone number, a ukonline.co.uk email address but the IP is in France at the "Caisse Nationale de Credit Agricole", which I believe is a bank? I have obviously flagged it for further investigation. Phone number goes to an answer machine and no reply from the email address as yet.
| 9:22 am on Feb 2, 2005 (gmt 0)|
|I Have a related question, when taking orders over the net for manual offline processing, is there any manual way of doing AVS? |
I'm not sure we use HSBC's website to process CC's which has AVS checking.
But for UK orders:-
We always try to confirm the address and telephone number for ourselves.
We only supply B2B, so for companies we check them out at Companies House.
For other businesses we look in Yellow Pages (Yell) and ring directory enquiries. And for the first order we only deliver to the card address.
Also we telephone them prior to sending the goods to make sure they know about the order to make sure and member of staff isn't making unauthorised purchases.
Orders outside the UK:-
We only accept payment by bank transfer (wire), because once we receive payment it can't be taken back.