
Digital Rev!


Mt Spokane Photography:

--- Quote from: East Wind Photography on June 12, 2015, 06:46:24 AM ---
--- Quote from: Mt Spokane Photography on June 11, 2015, 10:33:55 PM ---
--- Quote from: East Wind Photography on June 11, 2015, 10:26:02 AM ---
 We are also dealing with a Chinese company here so what we do here in the states and what they do may be completely different.


--- End quote ---


The credit card companies call the shots; they publish an extensive set of requirements that sellers must follow.  They have issued a common set of rules that apply globally, no matter what country you are in.  If you want to accept Visa, MasterCard, Discover, AMEX, you must abide by them, and the rules require an independent verification that you are following the rules.

That's one of the reasons that I finally stopped taking credit cards last July.  It had become expensive for a small business.  There are indeed different procedures for Brick and Mortar, but everyone is connected to the internet now, and card data is transmitted over the internet, so the computer security is very tight (Some still don't get it).


The PCI Data Security Standard
PCI DSS is the global data security standard adopted by the payment card brands for all entities that
process, store or transmit cardholder data and/or sensitive authentication data. It consists of steps that
mirror security best practices.

https://www.pcisecuritystandards.org/documents/PCISSC%20QRG%20August%202014%20-print.pdf

--- End quote ---

Yes, but there are some that still get around that practice... for example, I go into a restaurant to buy food, I never have anyone ask me for my billing address.  When I order online, some but not everyone asks for the CID... which I thought was a requirement.

Anyway, I think we can say for the fees charged, the system still is not perfect.

--- End quote ---

The billing address is optional, and a CID check is also optional.  It's up to the business.  PCI deals more with security of data and protecting credit card numbers.  In cases where a customer I have dealt with for years places an order with just his card number, I don't bother him for the CID, I just turn the check off for him.  Another thing about the address check is that it's just for the zip code.  I don't know why, but that's all the card companies provide to the gateway companies for an address check.  They all act as though it's a check of the address, but it's not.  Scammers know this.  I can set it to the basic 5 digit code or the zip plus 4 (US customers).  When accepting international credit cards, many banks still do not have all the data online, or it's unreliable, so it's common to ask for a scan of some ID.

If a business is not worried about a customer, they are allowed to take the risk, but are fined for an excessive number of chargebacks.  Those engaging in professional fraud are usually looking for something in high demand: cameras, lenses, video games, smart phones, anything they can resell quickly and easily.

TeT:
Oops... but that is probably all it is, oops, and not malicious intent on a grand scale...

East Wind Photography:

--- Quote from: Mt Spokane Photography on June 12, 2015, 10:36:32 AM ---
--- Quote from: East Wind Photography on June 12, 2015, 06:46:24 AM ---
--- Quote from: Mt Spokane Photography on June 11, 2015, 10:33:55 PM ---
--- Quote from: East Wind Photography on June 11, 2015, 10:26:02 AM ---
 We are also dealing with a Chinese company here so what we do here in the states and what they do may be completely different.


--- End quote ---


The credit card companies call the shots; they publish an extensive set of requirements that sellers must follow.  They have issued a common set of rules that apply globally, no matter what country you are in.  If you want to accept Visa, MasterCard, Discover, AMEX, you must abide by them, and the rules require an independent verification that you are following the rules.

That's one of the reasons that I finally stopped taking credit cards last July.  It had become expensive for a small business.  There are indeed different procedures for Brick and Mortar, but everyone is connected to the internet now, and card data is transmitted over the internet, so the computer security is very tight (Some still don't get it).


The PCI Data Security Standard
PCI DSS is the global data security standard adopted by the payment card brands for all entities that
process, store or transmit cardholder data and/or sensitive authentication data. It consists of steps that
mirror security best practices.

https://www.pcisecuritystandards.org/documents/PCISSC%20QRG%20August%202014%20-print.pdf

--- End quote ---

Yes, but there are some that still get around that practice... for example, I go into a restaurant to buy food, I never have anyone ask me for my billing address.  When I order online, some but not everyone asks for the CID... which I thought was a requirement.

Anyway, I think we can say for the fees charged, the system still is not perfect.

--- End quote ---

The billing address is optional, and a CID check is also optional.  It's up to the business.  PCI deals more with security of data and protecting credit card numbers.  In cases where a customer I have dealt with for years places an order with just his card number, I don't bother him for the CID, I just turn the check off for him.  Another thing about the address check is that it's just for the zip code.  I don't know why, but that's all the card companies provide to the gateway companies for an address check.  They all act as though it's a check of the address, but it's not.  Scammers know this.  I can set it to the basic 5 digit code or the zip plus 4 (US customers).  When accepting international credit cards, many banks still do not have all the data online, or it's unreliable, so it's common to ask for a scan of some ID.

If a business is not worried about a customer, they are allowed to take the risk, but are fined for an excessive number of chargebacks.  Those engaging in professional fraud are usually looking for something in high demand: cameras, lenses, video games, smart phones, anything they can resell quickly and easily.

--- End quote ---

When I've had to deal with big charges, I've actually called the card issuer and asked to validate the address I was given in the order.  If it didn't match then I cancelled the order or had the customer call his card company to register his shipping address.  It was a huge manual PITA but it helped root out fraud.  Any of these automated verifications are also suspect.  Once a hacker gets into a merchant, he pretty much has access to all of the resources needed.

While the manual person to person address verification was a BIG pain, it was the best way at the time.  I now outsource all of that so the liability is not on me as a merchant.  :)
