Announcement

Collapse
No announcement yet.

PCI compliance with First Data

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • PCI compliance with First Data

    Does anyone use First Data for their credit card processing? I have been using them for about a year, they are... hmm... ok i guess.

    Although just found out that I have been paying them $99 PCI compliance fee when I am ALREADY PCI compliant as a 3dcart user. I called them and they said I needed to give them a certificate of compliance, I gave them the site link where it shoes 3dcart PCI compliance certificate and they said they cannot accept it as it does not say my SHOP'S name on it. Well, I am not hosting my site, I pay 3dcart to host my site and they are PCI compliant which makes me PCI compliant.

    Does anyone else use credit card processing companies that accept the certificate via 3dcart PCI compliance site??

    First data is taking $$ left and right, I am thinking about changing...
    Last edited by jimmy3dcart; 08-17-2018, 09:59 AM.

  • #2
    We have to do one too each year for our bank.

    Comment


    • #3
      Originally posted by simply audrey View Post
      Does anyone use First Data for their credit card processing? I have been using them for about a year, they are... hmm... ok i guess.

      Although just found out that I have been paying them $99 PCI compliance fee when I am ALREADY PCI compliant as a 3dcart user. I called them and they said I needed to give them a certificate of compliance, I gave them the site link where it shoes 3dcart PCI compliance certificate and they said they cannot accept it as it does not say my SHOP'S name on it. Well, I am not hosting my site, I pay 3dcart to host my site and they are PCI compliant which makes me PCI compliant.

      Does anyone else use credit card processing companies that accept the certificate via 3dcart PCI compliance site??

      First data is taking $$ left and right, I am thinking about changing...
      I have Merchant Warehouse, which I guess is a third party dealer for First Data. My bank account just got charged for this also! I called them and they keep telling me the same thing. That my store has to be PCI compliant. When I call 3dcart, they say I am! Basically, I think they are just selling us this extra service and say we have to have it! Did you have any luck getting them to accept the 3dcart compliance? I am so mad at Merchant Warehouse right now!
      Marsha,

      Comment


      • #4
        PCI compliance

        Make sure you have purchased a SSL, vs a shared SSL. I had First Data as well through Suntrust. Every Quarter. I was charged their $29.xx compliance fee and every year took their PCI compliance Test. If you haven't taken the test and had FD to scan your site. Then you need to do so. With out the scan, they dont know your are PCI compliant and you could incur large fees. Even though 3dcart is PCI compliance, you gota show FD that you are. I do feel the pain of their fees. I did change to a different bank that offered better Merchant fees after my contract was over. Another thing you can do is call First Data and ask for a rate review if you been with them over 6 mths. That will help with the fees. Hope that helps.

        David Hamlen
        Choice Checks LLC
        Cheap Business Checks, Quickbooks business checks, peachtree business checks, bulk blank checks, tax forms

        Comment


        • #5
          I use Merchant Warehouse and they contracted with Control Scan for PCI compliance. It involves a yearly questionnaire and quarterly scan to pass.

          I think the reason you have to do it even though 3dCart is PCI Compliant, they assume the data will leave the 3dcart environment at some point and enter your system, which is not covered under 3dCart's PCI certificate. They want to ensure (or at least have you attest to) a secure environment for cardholder data on every system the data touches.
          Chris
          TC Life Safety
          TC Wireless

          Comment


          • #6
            If you're looking to switch, I highly recommend Phil at merchantfeesavers.coms

            We just went through the review and re-quote and he saved us thousands in excessive fees.

            Comment


            • #7
              PCI Compliance

              Just going to throw my 2 cents in...

              You are still responsible to prove your website/company are PCI Compliant even if 3dCart has a passing certificate. You prove you are PCI compliant by having your website scanned, possibly your office public IP scanned (if data is exchanged between there and the site), and answering a yearly questionnaire regarding your business practices in handling data and your network.

              3dCart guarantees PCI compliance, but this may not always mean your specific website is PCI compliant. We just had this issue a bit ago where we were failing PCI scans and had to bring the issues to 3dCart's attention. This is your responsibility since 3dCart does not scan and verify ever single site they host. They are cleared as a company once a quarter/year, a lot can change in that time.

              We use TrustWave/TrustKeeper, but there are a lot of other services out there that will provide scanning and reporting to whomever you need.

              PS: Once we brought the failed PCI scan to 3dCart's attention, they did resolve the problem and a rescan has us back in compliance now. Your scanning service may not fail you for the same reason we were failed, it depends on a lot of criteria, but just be aware that it may happen.
              Last edited by Alupis; 12-11-2012, 12:14 PM.

              Comment


              • #8
                Originally posted by Alupis View Post
                Just going to throw my 2 cents in...

                You are still responsible to prove your website/company are PCI Compliant even if 3dCart has a passing certificate. You prove you are PCI compliant by having your website scanned, possibly your office public IP scanned (if data is exchanged between there and the site), and answering a yearly questionnaire regarding your business practices in handling data and your network.

                3dCart guarantees PCI compliance, but this may not always mean your specific website is PCI compliant. We just had this issue a bit ago where we were failing PCI scans and had to bring the issues to 3dCart's attention. This is your responsibility since 3dCart does not scan and verify ever single site they host. They are cleared as a company once a quarter/year, a lot can change in that time.

                We use TrustWave/TrustKeeper, but there are a lot of other services out there that will provide scanning and reporting to whomever you need.

                PS: Once we brought the failed PCI scan to 3dCart's attention, they did resolve the problem and a rescan has us back in compliance now. Your scanning service may not fail you for the same reason we were failed, it depends on a lot of criteria, but just be aware that it may happen.
                I do have my website scanned by McAfee and it passes the PCI compliance. However, Merchant Warehouse did not even give me the option of having another service. They sent a note in the Oct bill that I would be charged $99 whether I used this ControlScan service or not. I have been going back and forth with them. They did say that if I proved I was compliant they would credit me $40. Even with my McAfee scan it looks like the only proof they will accept is from their partnership with ControlScan.
                Marsha,

                Comment


                • #9
                  it's possible that McAfee PCI scan does not scan for specific things your bank is looking for. As I mentioned, we were failed PCI scan for things that other scans don't... Perhaps you can setup your own arrangement with the banks scanning service and save some money? Otherwise, it sounds like you may be stuck... sorry.

                  Comment

                  Working...
                  X