Credit Card Processing - NEW Fee!

[Red Baron]

I received the e-mail below from my Sterling rep. Are all other CC processors doing this as well?

TO ALL MERCHANTS:

The members of Payment Card Industry - Data Security Standards
organization comprised of American Express, Discover, MasterCard, and
Visa (https://www.pcisecuritystandards.org/) has issued a mandate with
which every merchant must comply in executing a Security Assessment
Questionnaire (SAQ) and port scan (as required) by mid October this
year. Your processor, Sterling Payment Technologies cannot conduct this
process as it must be conducted by a Certified Assessor recognized by
PCI-DSS organization.

Sterling has engaged Security Metrics, http://www.securitymetrics.com/
to deliver an online Self Assessment Questionnaire. You may have
received or will receive a letter notifying you of this mandate and you
may have been charged the assessment fee debited from your bank account.
The amount is determined by the questionnaire so the sooner you engage,
the sooner you will see an adjustment for that debit. Here is the
proceedure:

First, *after you have received Sterling letter*, call 801-705-5700 to
speak with a representative. They will ask you what processor
(Sterling), the last six digits of your Merchant ID#, your corporate
phone number (from the Merchant Application you submitted), and your
email address. They will ask you about your system as well, i.e.
terminal (Hypercom, Verifone, Nurit, etc.). If you have a automated
system or software tell them and they will want to know if it is dial or
Internet. If it is Internet, they will need to know the system IP
address (example: 192.168.0.1). They will set validate your merchant
account in their system and then give you a password.

Second, Log on to http://www.securitymetrics.com/ and click on enroll
now. Follow through by answering the questions and scrolling through the
screens.

cont...

 

[ONEcard]

Yes

This is all part of the new PCI-DSS Standards that the credit card industry put forth. Depending on your operation you have different PCI Compliance issues that you must comply with They can range from filling out a self assessment questionnaire to having to have a onsite PCIDSS Security personnel on site.

For most car washes we will fall under the self assessment questionnaire or a questionnaire with port a location scans. These scans monitor your system to see if your car wash network can be hacked

Upgrading to PCI Compliance is a major issue for our industry as we all do things different Not all companies are PCI Compliant in their hardware and software. Most operators don't know a thing about PCI Compliance why they have to do it etc.

The realities of this is if you are not PCI compliant you are opening your self up to a large liability as well as penalties that you already agreed to when you signed your merchant service contract. A single penalty fee can be up to $6,000.00

There was a post months back 6 months + regarding credit cards standards etc. The person who made the post was driven off as folks thought he was stirring the pot and trying to get business. He was on the right track and was a harbinger no one wanted to hear it at the time.

The item your looking at and listed is for security Port scans. There are a lot of companies that do this. you need to have a port scan quarterly, and it can range from $350.00 to $1500.00 so shop. You need to look at this as network maintenance just like you service vac motors and pumps you will need to service your network. We have contracted with a who will perform the scans a major reduced rate for our customers.

I'm putting together a comprehensive PCI-DSS compliance package to explain all about this mess and how it will effect all of us. If you have interest in a free copy of it contact me off post and I'll make sure you get a copy

 

[Red Baron]

Well I don't like it! Why is this the car wash owners' problem? We don't make the equipment, we don't create the security that protects the customer. Why isn't this the cred card processing company's problem? Why isn't it the ACW mfg's problem? If the security issue involves the phone line also, why isn't it the phone company's problem? Why are these companies collecting "$350 - $1500," and doing it "quarterly," when it seems to me that the companies who are responsible for keep the security updated should be the ones footing the bill to verify that the security is there?

Something doesn't meet the eye here. If the XYZ credit card processing company's system is up to date, and Hamilton's ACW system will support that, why then does every single customer who has XYZ and Hamilton have to be "scammed" individually? Oh sorry, did I type scam when I meant to type scan? My bad.

Sure seems to me like just one more new and creative way to add yet another fee to the cc statement.

 

[washnvac]

I did the survey a couple of months ago. It only takes a few minutes, and is easy.

 

[ONEcard]

Red Baron

I don't dis agree. the issue is not the manufacturers of the card systems. We get the short end of it too. After spending ridiculous amounts of money designing a system to work and interface with car wash equipment we also get stuck with our own set of fee's to the PCI-DSS council, that would curl your toes.

The problem is with Visa MasterCard AMEX and Discover (the PCI-DSS Council) It was this group who made the rules.. Why? To curb fraud and loss! On the backs of every small business in America. They could have designed better cards or other security measures but instead laid out the PCI-DSS rules. If you want to be on the field (take cards) You play by the rules of the game (they make the rules)

I agree its a rip. The cost flow everywhere your Merchant Service provider is being hit by by major cost which you can bet gets passed on to you.

If you just have an ACW with a dialup card system then you wont have a big deal with this Its a simple questionnaire 140 questions Dial up seams protected. The problem comes if you want high speed. high speed means the internet which opens you up to every 2-bit hacker

Zack

 

[Tom Thumb]

Had this issue with CC compliance earlier this year,after several conservations they sent form for me to fill out stating that I did not have access to CC numbers and did not print receipts after filling out form and returning to the CC company, had several more phone conservations they sent a letter stating that I was in compliance and also informed me that I would have to go thru this again next year.
I do not know what they are charging for this service now but were quoting me $49.99 per quarter.
My advise to anyone working on this issue is to keep copies of all correspondence, my experience was that everyone at the CC co. seem to know very little about this problem.

 

[Jeff_L]

I have the WashGear system and was contacted by some credit card or security company (cannot remember which) who asked me what version of the WashGear software I was using, I told them, and then they said I was good to go. No fees.

 

[Waxman]

That's a PCI compliance.

My new company sends a letter with a phone # about the fees and questionnaire. Just got off the phone with the guy.

 

[Red Baron]

Ok never mind. It wasn't as big a deal as I'd imagined. My processor (Dena Vinson 512-280-5293) walked me right through it...as usual. Ten minutes later I received an e-mail that I was in compliance.

An old Dale Carnegie Course adage applies: Ninety five percent of the things we worry about never actually happen.

 

[rtcgolf]

Red Baron,

You really had me going for awhile. I really got my partner all excited. Thanks for the heads up. We will be in touch.

 

[Red Baron]

Red Baron,

You really had me going for awhile. I really got my partner all excited. Thanks for the heads up. We will be in touch.

Golf,

I overreacted. It's the first time that's ever happened...in spite of what my wife tells people. It actually only cost $70. The instructionsannoyed me with 40 insider terms such as MID, PCI, SAQ, STP, STD, IOU, NSF, etc. I have enough acronyms to keep up with in the car wash business, roofing, and aviation virtually exists upon 75 dozen acronyms most of which you cannot function without knowing...the last thing I wanted to do was to learn half a dozen credit card processing acronymns too, that I'll hopefully never need again. Dena understands my impatience, held my hand, and walked me through it.

 

[JMMUSTANG]

I've been told by my gasoine supplier that you have to be PCI compliant ONLY if you want to accept debit cards at your terminals.
If you accept only credit cards you do not have to be PCI compliant.

 

[Cleaner]

I have the WashGear system and was contacted by some credit card or security company (cannot remember which) who asked me what version of the WashGear software I was using, I told them, and then they said I was good to go. No fees.

 

[Cleaner]

Hi Jeff , I’m from Alberta and am looking for a company to process my credit cards , I use Unitec paysites in each bay ?

 

[Earl Weiss]

I've been told by my gasoline supplier that you have to be PCI compliant ONLY if you want to accept debit cards at your terminals.
If you accept only credit cards you do not have to be PCI compliant.

Well, since debit made up a large percentage of pay at the pump there was really no way around it. If you clear CC thru the supplier they can walk you thru anything you need to do.