eBay Suspension & PayPal Limited Forums  


eBayNews 05-31-2009 09:00 PM

eBay Checkout, Merchant Accounts and PCI Compliance
 
Last Monday, I wrote about an issue affecting sellers with merchant credit card accounts, and in particular about a seller who had a question regarding eBay's Payflow Gateway Service. Sellers who have a credit card merchant account and wish to use eBay Checkout must use the Payflow Gateway service in order to allow buyers to enter their credit card information directly in eBay Checkout.

I asked PayPal some follow-up questions.

Is the eBay Payflow Gateway PCI compliant?

Yes. The Payflow Gateway is PCI compliant.

Will eBay Payflow work with web payments pro, and what are the consequences if not?

At this time it does not. However, eBay is working on completing the implementation.

I also wanted to get more information about the circumstances under which such a merchant would choose not to use eBay Checkout if they weren't using an authorized eBay Third Party Checkout system. This is especially timely in light of the fact that some vendors are discontinuing Third Party Checkout, including Infopia and eBay ProStores, due to upcoming changes eBay is making on June 15.

PayPal spokesperson Charlotte Hill said, "We allow buyers to enter their credit card information directly and securely in eBay checkout. This is an optional feature. Merchants can continue to have buyers email / fax / call them with CC numbers outside of eBay checkout. We recommend that they switch to the Payflow integration because it will be more convenient and secure for buyers, and faster and more efficient for sellers. But we're giving them the option."

So merchants who choose not to use eBay Checkout can instead process credit cards manually. Is that feasible for the majority of sellers who have merchant credit card accounts given the extra steps required to collect and manually process credit card numbers? I contacted the merchant who originally alerted me to the issue in Monday's article. Apparently he uses Infopia, which will no longer support eBay Third-Party Checkout as of June 15. Can this merchant take credit card numbers over the phone or via fax? "We do not have the time to process orders like that and it runs completely counter to the purpose of the Web as a commercial medium."

It's important for merchants who choose not to use a checkout system on eBay to understand the legal and PCI requirements around collecting and storing credit card information.

Bob Russo, General Manager of the PCI SSC, said, "Companies cannot store unencrypted credit card data, CVV codes, PIN codes/numbers or any magnetic stripe data. The PCI DSS does not permit using email or other end user messaging technologies to transmit unencrypted cardholder data. This is outlined in requirement 4.2.

"Anywhere cardholder data is stored, transmitted or processed it must be protected by the requirements of the DSS. The DSS mandates not storing cardholder data unless critically necessary and rendering any stored account data unreadable through hashing or encryption.

"Merchants may choose to accept or process card data via fax or phone, providing it is protected upon transcription and storage in accordance with the DSS. For example, requirement 9 provides a host of controls to protect access to cardholder data such as securing any paper records that may contain cardholder data."

Note that there are state and federal privacy laws that encompass the storage of unencrypted data, so even if you take phone and fax orders and not email orders (which are prohibited by PCI DSS standards, according to Russo), you must be careful about how you store that data after you process the payment! (See more information on the Better Business Bureau website.)

Jonas 06-01-2009 10:43 AM

kingbrend, did you write this yourself or is it copied from a website?

Oddly aspkin edited it for some reason, too.

aspkin 06-05-2009 11:01 PM

kingbrend = aspkin

And the posts in this section are automatically posted from AuctionBytes by RSS.


All times are GMT -5. The time now is 09:26 AM.
