Posts Tagged ‘PCI compliance’

Sharing is Only for Kids

Monday, August 23rd, 2010

I received an interesting email from Visa recently, and it bears wider dissemination. The crux of the message was a reminder that it violates Visa regulations to share card numbers between merchants. This is probably obvious in some contexts (e.g. if you sell your customer list to another company, you had better not pass along their card numbers). In other cases, though, folks may not realize they’re breaking the rules.

Assume you run an online video service.  You have an affiliate that sells pizza.  They allow someone to buy their pizza, then ask the pizza-buyer if they’d also like to rent a movie online.  If so, they route the user to your site.

So far, so good… but this is also where people get into trouble.  If the affiliate passes in basic information (their affiliate ID, the genre of movie in the advertisement, etc.) that’s OK.  However, the affiliate is explicitly prohibited from passing along the payment information.  Would it be more convenient for the customer if the payment info passed in?  Probably.  However, it’s against the Visa regulations.  It’s also a violation of rules with the FTC, unless you have explicit permission to do so from the customer.

Just a friendly reminder to be careful about passing this sort of information between affiliates.

http://www.paymentsnews.com/2010/04/visa-prohibits-web-merchants-from-passing-along-cardholder-info.html

and

http://www.retailing.org/advanced_consent_marketing_guidelines
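The following is an added example, not code from the original post or from Visa or Vindicia: a Python guard that a receiving merchant could run on the inbound affiliate redirect described above, accepting only the permitted hand-off fields and rejecting any value that looks like a card number. The parameter names `affiliate_id` and `genre`, the URL, and the sample query string are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: the only fields an affiliate may hand off (hypothetical names).
ALLOWED_PARAMS = {"affiliate_id", "genre"}

# A run of 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def looks_like_pan(value: str) -> bool:
    """True if the value contains a 13-19 digit run that passes Luhn."""
    for match in PAN_CANDIDATE.finditer(value):
        if luhn_ok(re.sub(r"[ -]", "", match.group())):
            return True
    return False


def screen_handoff(url: str):
    """Split inbound query parameters into accepted fields and rejections.

    Rejections record only the parameter name and the reason, never the
    value, so a stray card number is not copied into logs.
    """
    accepted, rejected = {}, []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if looks_like_pan(value):
            rejected.append((name, "card-number-like value"))
        elif name not in ALLOWED_PARAMS:
            rejected.append((name, "parameter not on allowlist"))
        else:
            accepted[name] = value
    return accepted, rejected


# Constructed sample; 4111111111111111 is a widely used test number, not a real card.
SAMPLE = ("https://video.example/landing?affiliate_id=pizza42&genre=comedy"
          "&cc=4111-1111-1111-1111&exp=1212")
```

The card-number check runs before the allowlist check, so a card number placed in an otherwise permitted field such as `affiliate_id` is still rejected.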

Eliminate PCI Compliance With Hosted Order Automation

Tuesday, April 20th, 2010

An article in Internet Retailer Magazine discusses the cost burden Payment Card Industry (PCI) regulations place on merchants of various sizes.  Mind-bogglingly, the effort to maintain compliance and pass the annual audit can easily reach $1 million.  To help merchants eliminate this burden altogether, we at Vindicia announced today a new capability in CashBox called Hosted Order Automation (HOA), whereby merchants can completely offload their PCI cost to Vindicia.

Before explaining how HOA works, we’ll briefly describe the background. In a typical online CashBox transaction that’s paid by credit card, a customer who clicks the Buy or Checkout button on a merchant’s site sends his or her credit-card information securely to Vindicia for billing. During that process, there is a moment when the transaction passes through the merchant’s server. Even if the merchant immediately deletes that credit-card information, the very fact that it touched the merchant’s server requires that the merchant comply with PCI. That’s true even if the merchant is working with a PCI Level 1 Service Provider in Vindicia.

With HOA, PCI regulations do not apply to merchants who use CashBox because, instead of passing through the merchants’ servers, all credit-card transactions go directly to CashBox.  Not only can those merchants continue to enjoy the other inherent capabilities of CashBox, they still retain control of their customer experience, that is, the look and feel and other user-interface components of the checkout page. Yes, having one’s cake and eating it, too, is actually possible in this situation.

To learn the details about HOA, read its data sheet. Feel free to contact Vindicia for more information or post questions to our community forum.

$40 Million

Wednesday, March 17th, 2010

In my previous post, I alluded to statistics that highlight how Vindicia CashBox helps clients retain customers and thus lift revenue streams.  In a press release issued at the Game Developers Conference in San Francisco in early March, we mentioned these numbers:

  • Over the past year, thanks to our retry logic, Account Updater, and other retention capabilities, our clients gained 10-25 percent more of the customers who failed in their initial attempts to renew subscriptions.  We have seen this trend across all the vertical markets we serve.
  • Take those percentages and aggregate the dollars across our client base over the past year, and you get a total of $40 million. More importantly, this number grows every day as we add clients and as our existing clients’ business expands.
  • Our transaction volume has risen by about 45 percent over the past year: We now handle about 250,000 transactions every day while remaining PCI-compliant at the highest levels for the fifth year.

Speaking of PCI compliance, its juxtaposition with cloud computing is catching more and more attention.  If you’re attending Cloud Computing Expo in NYC in April, check out our CTO Brett Thomas’s presentation.  You’ll hear something very novel that will radically change your thinking about PCI compliance in the cloud.  I promise.  Don’t miss that talk!