Wednesday, July 01, 2009

The Sticky Maze of Credit Card Processing

PCI DSS is what got this whole thing started. A letter from our current credit card processor, Global Payments, alerted me to the fact that we are not compliant with the current rules regarding credit card security and fraud prevention, at least according to their website's "risk analysis", which is run by a company that will scan your system and determine what you need to do for a fee of $180 a month. This prompted us to look into switching, which in turn has revealed a host of other complications.

After talking to a couple of other Hospitality Merchants in Chestertown - many of whom are as confused as I am at figuring out the whole credit card processing thing and what all the fees are for - and discussing options with a couple of competing processors, I decided we would probably switch to First Data. This was mostly due to the National Restaurant Association's "Take Charge" program from First Data, which includes compliance with the PCI DSS (oh, in case you are wondering what this acronym stands for: Payment Card Industry Data Security Standard) for less than $100 a month. Right now Global is charging us $10.00 a month as a "non-compliant" merchant...not to mention the statement fee, the higher charge for Reward and Business Cards, the higher charge for manually entered cards, the transaction fees, and the "EDC Vend 3" fee, which even the First Data rep couldn't explain. Will everything be all sweetness and light with a change to another processor? Definitely not, but at least we will be a little more aware of what we are getting into and how to read the lingo. I know I am already a lot more careful at reading the contract and all the small print - this is how I know what sort of penalties we'll face if we break our three-year contract with Global. It's been an educational year for us thus far, in the world of legalese, and I'm glad I've been paying a little attention.

Anyway, the fact is, according to Digital Dining's original setup, we already are largely compliant. We don't/can't store any customer's credit card data for more than 30 days - and only the last four digits until then. We have a firewall and a security/anti-virus system on the computer. We restrict access to cardholder data. While I imagine with the recent new rules in place there is more we will do (or face fines from our processor), I don't think we have to let our current processor dictate where we go for (paid) help.

This is some dry stuff, eh? See, not all is fun and games in the world of the restaurateur...
