Using laptop for mobile card transactions??

[greenglaze]

I'm thinking of taking my website 'on the road' by taking my stock to a few gift fairs.
A mobile terminal from 123-send costs £80 + vat for a 3 day hire.
Has anyone out there used the payment gateway on their website for processing credit cards at live events?
Obviously the customer would have to input more info than usual but you could cut down the required fields or advise them just to put xxx instead of typing in their contact details.
The venue would have to have broadband, preferably wireless but are there any other pitfalls, technical or legal?
Any thoughts or experiences welcome.

 

[sanjiv]

What payment gateway do you use? 123-send ?
A lot of payment gateways allow you to use Virtual Terminal which is for taking payments over the phone.

I know PayPal and SecureTrading offer this.
https://www.paypal-business.co.uk/virtual-terminal.asp
http://www.securetrading.com/virtual-terminal.html

 

[TotalWebSolutions]

What payment gateway do you use? 123-send ?
A lot of payment gateways allow you to use Virtual Terminal which is for taking payments over the phone.

This would be MOTO and would not be suitable for customers at live events... unless they rang the merchant at the stall to pay but this would be very pointless and possibly 'iffy' in the eyes of the clearing banks.

Certainly, a customer could process an order on a laptop at a live event but I would imagine they would have to complete the process themselves rather than the merchant completing the process up until the pay page. Again, this seems to be a grey area with the clearing banks but until they say you definitely cannot do this then it is open to question and we have had merchants do this at live events in the past without question from the bank.

Simon

 

[alanc]

If you're inputting credit card details through your laptop, you PCI-DSS compliance suddenly gets a whole lot more complicated as you are no longer a type 1 merchant.

 

[PayVector]

This would be MOTO and would not be suitable for customers at live events... unless they rang the merchant at the stall to pay but this would be very pointless and possibly 'iffy' in the eyes of the clearing banks.

Certainly, a customer could process an order on a laptop at a live event but I would imagine they would have to complete the process themselves rather than the merchant completing the process up until the pay page. Again, this seems to be a grey area with the clearing banks but until they say you definitely cannot do this then it is open to question and we have had merchants do this at live events in the past without question from the bank.

Simon

Simon,

It is not a grey area at all. Card Scheme rules state that all security features of the card must be used at the point of transaction. For card holder present which this is they must use a physical device, as in a terminal to read the chip.

So technically you should not be keying in transactions via a virtual terminal when you consumer is present with card in hand. Do I think the card scheme police will be out there hunting you. I doubt it. I have seen loads of people at such events doing it just like you are proposing.

If you're inputting credit card details through your laptop, you PCI-DSS compliance suddenly gets a whole lot more complicated as you are no longer a type 1 merchant.

Does not change a thing for the OPs compliance level. I would guess they are a Level 3 anyways. The funny thing is every merchant is at least a Level 3 if they have a virtual terminal. Eventually every merchant will have to key in some data for a refund or adhoc purchase or some similiar type situation.

 

[snakeeyes121]

This is what Ive set up and testing for a friend to use for telephone
and in person payments, it uses nochex payment pages, just a simple
form http://qualitylivefoods.com/mail-order.html

all your details are pre filled, all you need to enter
from the customer is the payment amount, name on the card, 1st line
of address and postcode, when you submit it you get taken to the secure
nochex payment pages, all the info gets passed over and you input the
card details.

Works like the paypal virtual terminal

 

[sanjiv]

Its not just like Virtual Terminal because the Visa security might come up which I know Lloyds TSB and RBS both have where the user has to enter some characters of their password.

 

[greenglaze]

Hi Sanj
In reply to your post at top of page I'm using Sagepay as a gateway online and my merchant is Streamline.
Interesting replies. Thanks. Any more thoughts?

 

[drounding]

If you are entering different card details into your website as if they were face to face orders then be aware that some PSPs may see this as suspected fraud if they recognise that a number of different card details are being processed from the same IP (computer connection).

 

[Nochex Ltd]

Hi,

This post has come to our attention today and it is of great concern to us hence we felt we needed to intervene....

Nochex can only be used for online transactions where the card holder is not present. No merchant using Nochex should ever take card details on behalf of their customers over the phone or by mail order.

Cardholders MUST enter their own card details and the Nochex system should never be used for VT transactions.

VT transactions are against card scheme rules and anyone found to be processing telephone payments via their Nochex account will have their account closed with immediate effect.

In addition, as quite rightly mentioned, Nochex uses 3D Secure (Verified by Visa and MasterCard Secure Code) - the card holder is required to enter their 3D Secure password to complete their payment.

Many thanks

The Nochex Team

 

[kulture]

Back to the OP. The pitfalls have been graphically highlighted by the previous post.

In addition to being against the rules, and you running the risk of having your account terminated, what do you do if a chargeback is issued. What do you tell your merchant provider. How do you defend the chargeback?

In the past (pre chip and pin) we used to go out armed with a manual card thing and card slips and get the imprint of the customer's card and getthem to sign these manual vouchers. Then when we got home type the card details into the card terminal and say customer present ans signature OK (both true, as we saw the card and checked the signature).

These days we rent a mobile chip and pin terminal (about £25 a month) and do everything properly.

 

[snakeeyes121]

Hi,

This post has come to our attention today and it is of great concern to us hence we felt we needed to intervene....

Nochex can only be used for online transactions where the card holder is not present. No merchant using Nochex should ever take card details on behalf of their customers over the phone or by mail order.

Cardholders MUST enter their own card details and the Nochex system should never be used for VT transactions.

VT transactions are against card scheme rules and anyone found to be processing telephone payments via their Nochex account will have their account closed with immediate effect.

In addition, as quite rightly mentioned, Nochex uses 3D Secure (Verified by Visa and MasterCard Secure Code) - the card holder is required to enter their 3D Secure password to complete their payment.

Many thanks

The Nochex Team

I would just like to point out that I wouldnt ever use your payment system on my website.

In the test transactions i completed it was clear theres major security flaws in your payment system.

You allow payments to be processed when an incorrect CCV number is entered, this is a major concern, as its one of the only way to confirm a card is in the buyers hands.

Also where a card that is registered by verified by visa / mastercard and you are processing a low value transaction the verified by visa does not pop up.

With both these things combined you are leaving your merhants open to multiple chargeback and possible fraudulant transactions.

I'm sure the likes of visa, mastercard and the banking institutions wont be too pleased that you are breaking the guidelines they set out to secure internet payments.

 

[mobyme]

Hi,

This post has come to our attention today and it is of great concern to us hence we felt we needed to intervene....

Nochex can only be used for online transactions where the card holder is not present. No merchant using Nochex should ever take card details on behalf of their customers over the phone or by mail order.

Cardholders MUST enter their own card details and the Nochex system should never be used for VT transactions.

VT transactions are against card scheme rules and anyone found to be processing telephone payments via their Nochex account will have their account closed with immediate effect.

In addition, as quite rightly mentioned, Nochex uses 3D Secure (Verified by Visa and MasterCard Secure Code) - the card holder is required to enter their 3D Secure password to complete their payment.

Many thanks

The Nochex Team

I'm not sure I believe that this post is by nochex; if it is why didn't they direct you to a page on their official website where you could check this out.

Many thanks

The (maybe not) Nochex Team

Nah it stinks.

 

[drounding]

I think what Nochex are saying is actually true for any PSP. If you wish to enter card details directly online you need to use a VT. You can't just enter card details as if you are impersonating the purchaser, I expect they'll soon see your IP and account is being used for multiple transactions and flag it as possibly fraudulent activity.

 

[PayVector]

I think what Nochex are saying is actually true for any PSP. If you wish to enter card details directly online you need to use a VT. You can't just enter card details as if you are impersonating the purchaser, I expect they'll soon see your IP and account is being used for multiple transactions and flag it as possibly fraudulent activity.

If you want to process a Mail Order / Telephone Order then you need a MOTO account. Any transactions that people phone through get keyed via a VT through the MOTO account and any transactions from the web are sent through an Ecommerce account.

Different scheme rules apply to cards for both types of transactions. Most gateways offer the ability to do both. I am suprised Nochex do not.

 

[Nochex Ltd]

Hi,


Firstly I would like to confirm that the earlier post was from Nochex was indeed genuine. (I would include a URL if I was allowed but as a new user to UKBF I do not have permissions to post URLs yet).


In relation to the comments made by Snakeeyes121:


Nochex takes card security very seriously and I can confirm that Nochex does check CV2 numbers on every transaction and requires a positive match for the transaction to be processed.


Kind regards

Nochex Ltd