Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: buckworks
Wanting to do things right (so as not to loose anyone's Merchant Account) has anyone had any similar experiences?
My initial problem was with LloydsTSB Cardnet who do not allow you to process offline.
Thanks in advance...
Not sure if it's as simple as that. My clients can take payments over the phone - "CNP". But mention taking payments from the internet and it seems their bank gets awkward. I would say that even if you currently take CNP payments you still have to get additional approval for internet transactions.
May I ask what bank you are using - as that's really what I need to find, a list of UK banks that allow secure offline processing.
In the end they decided to push it for as long as they could and process the orders as CNP telephone orders. They will be moving to an online processor soon, probably Protx, and the higher fee account - but this is mainly down to volume of orders rather than the bank forcing them.
If you do decide to process offline then you should note that there is an extra requirement if you collect the 3 digit code off the back of the card. This code cannot be stored any longer than it takes to process the payment.
All my clients process offline and as I think has been said, it does depend on the bank. Cardnet,(lloydstsb) do require you to have a merchant account for internet processed orders but the costs seem to be the same as CNP telephone orders. I have a customer who has both as his bookshop processes both internet and telephone orders.
It is very difficult for the bank to tell how you got the order, it would require a customer to make a complaint that they didn't make a telephone order. Why would they do this if they had ordered online and your company shows up on the credit card statement.
I have a second customer who said stuff the bank and just paid for the one account .. he's been trading for two years processing both telephone and internet orders through the same account with no problems.
He is however strictly breaking the rules.
I explained the details would all be captured under an SSL and kept secure - and said this must be as safe as someone giving out their CC details in a busy office over the phone for them to be written on a scrap of paper at the other end!
They still said they don't allow offline processing and recommended a payment service provider who I contacted - their basic service started at £3000+ per year!?! I explained for 2 or 3 orders a week it was just not worth it...
For mailorder, phone or manually entered internet orders (i.e. cardholder not present) we have a seperate account with access to the HSBC website. We enter the card details, address etc. and are given an immediate decision accept/decline/fraud check.
Works pretty well once you get used to it - but the monthly fee is high.
It works (mostly) but I wouldn't recommend it.
How is this practically possible? We receive orders by mail (letter), mail (pre-printed order form), telephone, fax and email. Are we expected to blot out the CVV code in some way after the transaction has been processed?
We are naturally authorised to process MOTO (card holder not present) transactions. With mail order and fax you get the cardholder's signature. But how is an email less secure than a telephone order? Neither provide a signature?
In fact telephone orders are in theory insecure - I realised that if another customer is in the shop and a telephone order came in the details were repeated back to the phone customer and could be overheard by the shop customer!
We are a small business and do not have our own server, we use an ISP. This means that SSL is also insecure, as decryption is done on the remote server
and the information sent on to us in plain text. But who really believes that a crook is tapping their telephone line (unless you are a bank of course!).
I Have a related question, when taking orders over the net for manual offline processing, is there any manual way of doing AVS?
I'm not sure we use HSBC's website to process CC's which has AVS checking.
But for UK orders:-
We always try to confirm the address and telephone number for ourselves.
We only supply B2B, so for companies we check them out at Companies House.
For other businesses we look in Yellow Pages (Yell) and ring directory enquiries. And for the first order we only deliver to the card address.
Also we telephone them prior to sending the goods to make sure they know about the order to make sure and member of staff isn't making unauthorised purchases.
Orders outside the UK:-
We only accept payment by bank transfer (wire), because once we receive payment it can't be taken back.