GoFuckYourself.com - Adult Webmaster Forum - View Single Post - For those who have their own merchant accounts

Kimmykim · 02-22-2006, 01:04 PM

Visa and MC have very clear guidelines on what is allowed and what is not, and your gateway, acquiring bank or ISO should inform you as to what your responsibilities and liabilities are to be compliant within these guidelines. There is no rule that says that you cannot store your own credit card numbers as a merchant, HOWEVER, there are plenty of rules pertaining to exactly how you must store, maintain and protect this data if you choose to do it yourself.

In many cases, probably close to all of them, it's much wiser to have your gateway store the data for you, since they are (I am assuming) compliant with the regulations and with the PCI security standards required.

Whether someone settles in real time, batch settles periodically throughout the day or settles once daily (just like a POS terminal does), is of little consequence to the transfer of funds from one bank to another.

What is important is how the data is secured, what data is stored, and the circumstances around which both happen.

An IPSP, even one that doesn't do gateway processing for outside clients, will store their own data normally, since they've passed all the security and compliance requirements, while a merchant account holder may choose between the options offered by their gateway provider.

I have no idea how Verisign is set up, but it does seem odd to me that if they are doing the gateway in this instance, that they have not informed a client as to how their process works, and what options are available to the client. If Verisign is not aware that they are processing 5967 transactions for you, then it is because of either very poor due diligence on their part, or perhaps a failure to inform them of your true business model on your part. Once again, I don't have any idea which could be the case, and I'm not going to speculate. You should be aware that if you've misrepresented your business to Verisign, it's possible that you could lose the ability to process transactions entirely and you would lose your rebill database in that instance as well.

I also agree with Mitch (who runs a very nice business) that a 50% decline in rebills is a problem. I can't think of any reason why that should happen, but if you are seeing it, before you decide to run your own rebills, you should investigate the cause of the problem and correct it. Bad scrubbing on the initial transaction could be a factor, your consumer base could be another factor. Without any idea of your conversion ratio, your credits or chargebacks, it's hard to say for sure what is causing the problem.

You're not going to go to jail or pay multi-million dollar fines with a merchant account unless you are doing something illegal or you deliberately abuse the card association regulations with some very high volume. That kind of scare talk is nothing more than scare talk.

Depending on your account volume, you should have options. Talk to Mitch or shoot me an icq if you want to discuss specific things that may be occurring. I'd be happy to talk to you about it if you like.

I'd suggest getting sorted out and into compliance as quickly as you can.

02-22-2006, 01:04 PM
Kimmykim bitchslapping zebras!!!!! Industry Role: Join Date: Jun 2001 Location: In a shack by the beach Posts: 16,015	Visa and MC have very clear guidelines on what is allowed and what is not, and your gateway, acquiring bank or ISO should inform you as to what your responsibilities and liabilities are to be compliant within these guidelines. There is no rule that says that you cannot store your own credit card numbers as a merchant, HOWEVER, there are plenty of rules pertaining to exactly how you must store, maintain and protect this data if you choose to do it yourself. In many cases, probably close to all of them, it's much wiser to have your gateway store the data for you, since they are (I am assuming) compliant with the regulations and with the PCI security standards required. Whether someone settles in real time, batch settles periodically throughout the day or settles once daily (just like a POS terminal does), is of little consequence to the transfer of funds from one bank to another. What is important is how the data is secured, what data is stored, and the circumstances around which both happen. An IPSP, even one that doesn't do gateway processing for outside clients, will store their own data normally, since they've passed all the security and compliance requirements, while a merchant account holder may choose between the options offered by their gateway provider. I have no idea how Verisign is set up, but it does seem odd to me that if they are doing the gateway in this instance, that they have not informed a client as to how their process works, and what options are available to the client. If Verisign is not aware that they are processing 5967 transactions for you, then it is because of either very poor due diligence on their part, or perhaps a failure to inform them of your true business model on your part. Once again, I don't have any idea which could be the case, and I'm not going to speculate. You should be aware that if you've misrepresented your business to Verisign, it's possible that you could lose the ability to process transactions entirely and you would lose your rebill database in that instance as well. I also agree with Mitch (who runs a very nice business) that a 50% decline in rebills is a problem. I can't think of any reason why that should happen, but if you are seeing it, before you decide to run your own rebills, you should investigate the cause of the problem and correct it. Bad scrubbing on the initial transaction could be a factor, your consumer base could be another factor. Without any idea of your conversion ratio, your credits or chargebacks, it's hard to say for sure what is causing the problem. You're not going to go to jail or pay multi-million dollar fines with a merchant account unless you are doing something illegal or you deliberately abuse the card association regulations with some very high volume. That kind of scare talk is nothing more than scare talk. Depending on your account volume, you should have options. Talk to Mitch or shoot me an icq if you want to discuss specific things that may be occurring. I'd be happy to talk to you about it if you like. I'd suggest getting sorted out and into compliance as quickly as you can.