If they didn't give you any specifics about which security requirements you're not meeting, it's sort of hard to know.

Will people be entering their credit card information on your site or going to a 3rd party site? If on your site, do you have SLL? If not, then that's your main problem right there.

For other compliance issues, go to visa.com and then do a search fro CISP.

LifeinAsia.

Sorry, we are very new at ecommerce.

One Stop Merchant claims that a "Secure Certificate" is provided when we signed up with them. Is this different from SLL? When our customer goes to the shopping cart to make a purchase, a "locked padlock" appears.

Your thoughts?

Or is it SSL?

OK, you're fine on that front.

Do go to visa.com and have a look at the CISP info. They have a self-assessment questionnaire that runs 8 pages. Some of it is pretty technical, so you may need to ask your hosting company about it.

Also, write back to NOVA and ask them exactly what's wrong so you can fix it. They should be more interested in helping you get compliant than banning you completely and cutting off an income stream.

I went visa.com and searched as you said LifeinAsia, doesn't work

can you post the link? (take that as admin ok ;))

I know the one you mean but couldn't quite find it

>> SLL or SSL

SSL is correct I am sure it was just a key miss

Thanks everyone. I really appreciate your input and insight.

Sorry, yes, that should have been SSL.

CISP program info: [usa.visa.com...]

Self-assesmnet questionnaire:
[usa.visa.com...]

Found out the security issue raised by NOVA. The Merchant Services we purchased our shopping cart and Merchant Account provided a "wild card" secure certificate that is in their name and they use for most companies who purchase Merchant Accounts thru them. NOVA says they cannot do this since there is not a match between the name on the secure certificate and my company name.

NOVA says they cannot do this since there is not a match between the name on the secure certificate and my company name.

Sounds like technical "standards" being made by non-techies.

It's probably an uphill battle to fight it with them, so see if you can get your own SSL (hey- I typed it right this time! :) ) to make them happy. It's a few hundred dollars at most/year. But if it greases the squeeky wheel and lets you go forward...

Nova seems to be clamping down like this a lot. I had one last merchant account with them. I decided to finally close that one and move it over to Loud Commerce. That is how I used for my others. They told me that as long as it was secure and encrypted that it did not matter.

It seems that this might cause a lot of problems as well for merchants who use a shared SSL

Duh,

I finally get it.
I have a several clients going through my ssl.

I never thought that they could be rejected by a merchant account provider because the certificate was not in their name.

To me this is not a big worry, but it must be to those big shopping cart providers.

Tip: You get review when you *start* trading. Just start with Paypal or Worldpay.

aspdaddy
"Tip: You get review when you *start* trading. Just start with Paypal or Worldpay."

That reply went over my head. Not that is uncommon.
Could you expand on it?

:)
The merchant or bank usually checks a site out just before you are ready to go live. Once you are trading for a while and well established you can change things then - an example is the type of products you want sell might not be approved initially, so sell something else to start with.

Directnic and Godaddy offer very cheap SSL certificates.