votrechien - 6:14 pm on May 20, 2013 (gmt 0)
You've explicitly stated you don't want my advice or likely most other people on this board's advice because we don't give access to full CC info. But I'll ignore that just for a moment.
I cannot begin to imagine how any business could operate without seeing the credit card information entered by their customers. Unless, that is, they only accept PayPal Express as the method of payment and only ship to an exact AVS match. Sometimes honest people accidentally enter incorrect information and it needs to be verified.
We do it and I know numerous other merchants who do it as well (and it's not a volume issue- most of us have sales greater than what you've mentioned).
It is absurd to think that it is not safe for a merchant to have access to CC info. You hand your CC to the waiter at dinner, who walks away with it, you give your CC info to the business you called on the phone to fix your plumbing, you give your CC to the cashier at Wal-Mart, and you probably give your CC to just about any business who sells a product. Of course, as I said previously, I don't store any CC info on my own computers or network, but I DO have access to the CC info via my Yahoo Merchant Store's orders page using a double password and SSL encryption. As a safety measure, Yahoo deletes the CC info 30 days after the transaction, which gives me plenty of time to call the issuing bank and verify addresses.
You're argument is that because other companies have unsafe methods therefore you should have unsafe methods. But that aside, in a lot of these cases there is a significant difference. If a customer calls in an order and you write it down on a piece of paper and forget to shred it that night and someone breaks in and steals it, you're going to be liable for that single credit card. If you store a month's worth of CC info and someone hacks in and steals it you could be liable for potential thousands of credit card transactions.
f you don't have access to the CC info, how can you avoid chargebacks from unauthorized sales (stolen credit cards)? Case in point, if I was a thief and went to your website to fraudulently purchase a new $600 stereo system and gave you a stolen credit card number and the real Billing address, but wanted it shipped to my home, how would you handle that? Just ship it to me? I would imagine you would be spending a lot of time dealing with chargebacks using that strategy.
First, it's an issue we all struggle with (with that being said, we've had one fraudulent transaction in 10 years).
1) You're assuming the delivery address isn't the same as the billing address. However, as you've mentioned, you're also assuming the delivery address is a verified address on file. Most merchant providers have AVS services to verify just that (see our merchant provider here: [moneris.com...]
That aside, as you know as a vigilant merchant, sometimes you have to apply human subjectivity. For example, a customer has purchased from you numerous times and he calls and asks if you can ship to his hotel in another state. You probably ship it. And sometimes an order just gives you the willies so you apply as much scrutiny as possible to it.
Long story short, I know you're trying to find a merchant provider that provides access to full CC info and the best of luck trying. I'm trying to give you a low down of the pros and cons of it. Millions of merchants with volumes less than you and far greater than you prefer not to have access to this info, so at the very least, why they prefer this is a point worth considering. Nevertheless, I'll leave the conversation now to allow you to get the opinion of merchants who only have access to full CC info.