If you sell online and accept credit cards, you should know by now that there are several new compliance issues right around the corner. PCI compliance is an ongoing issue, but the newest compliance issue coming up is PA-DSS compliance. Since I use Miva Merchant, I’m really only concerned with these issues as they relate to Miva Merchant. My first step a few months back was to go from MM v4 to v5.5. The latest step towards compliance was the PR7 Wombat release update. So overall compliance is oh so close.
Here are a few forum threads and articles to help out and keep up with the PCI and PA-DSS compliance issues:
PCI Compliance thread at Miva Merchant Community Forums – this thread is long but covers the ongoing issues with PCI and PA-DSS compliance. Rick Wilson, President of Miva Merchant, is active in this thread. You have to read through some of the clutter, but Rick, along with a few hosting companies, provides some very helpful info.
Setting Up A PCI Compliant Miva Merchant Online Store – video from a breakout session from the 2010 Miva Merchant conference
Demystifying PCI-DSS and PA-DSS Compliance For Web Hosting Customers – blog post from Rick Wilson that explains compliance
PCI Security Standards Council – check under the security standard tabs for each requirement
PCI DSS @ Wikipedia – Wiki on requirements, history and more
PA-DSS @ Wikipedia – Wiki on requirements, history and more
Miva Merchant Blog – updates on compliance should be posted when available
Follow Miva Merchant on Facebook for updates
Follow Miva Merchant on Twitter @Miva_Merchant for updates
New Processing requirements:
The second issue is the new MasterCard and Discover rules, which deal with the new processing requirements. In my opinion these are some really half-baked requirements. Here are the basics of the new requirements as provided by Authorize.net:
- Balance response transactions — For prepaid and gift cards, once the card has been used, the remaining account balance will be transmitted along with the authorization response. The remaining balance must be printed on the customer receipt, displayed on the Web page or point-of-sale terminal, or both.
- Partial authorization transactions — When a customer’s transaction amount exceeds the balance available on their debit, prepaid or gift card, instead of declining the transaction, a partial authorization for the amount available to the customer will be returned. This will allow the customer to pay for the remaining amount with another form of payment. This is called a split-tender transaction.
- Authorization reversals — An authorization reversal is a real-time transaction initiated when the customer decides that they do not want to proceed with the transaction, or if the merchant cannot complete the transaction for any reason. Authorization reversals free up the customer’s available balance on their debit, prepaid or gift card.
These rules went into effect in May and April of this year (2010), but thankfully, since I use Authorize.net, I and all other Authorize.net customers have a pass until June 30, 2011. I don’t have a lot of information on this issue yet, but there is one thread below that discusses the issue.
Miva Merchant Community Forum – thread discusses the new MasterCard and Discover processing rules and how they will work and get implemented in Miva Merchant. Rick explains where things stand and what will need to be done.
If you have any other information on either of the issues above, please let me know and I’ll include a link to it.
