Thanks Steve for the info, I am just trying to get away from sending monthly statements and automate that process as much as possible.
Marc From: Steve Johnson Sent: Friday, September 02, 2011 8:28 PM To: RBASE-L Mailing List Subject: [RBASE-L] - RE: Automatic bank drafts or CC payments Just to clarify, PCI compliance only involves whoever is processing the credit card transactions. Becoming PCI compliant is a difficult and demanding process at best and requires monthly and annual compliance checks. Almost went down that path. We use to process credit cards manually with a local terminal, but have since moved to on-line transaction processing with a suitable processor and an on-line shopping basket. This shifted compliance and liability issues from us to them, and we no longer receive credit card information like before. The rules for credit card transaction processing have tightened up significantly over the years for obvious security reasons. This is probably one of those areas that is best left to those who are in the business of processing credit cards and have the resources to comply with PCI rules as they continually change. Steve B&O Railroad Museum At 03:27 PM 9/2/2011, you wrote: Great info, thanks Mark Marc From: Mark Lindner Sent: Friday, September 02, 2011 1:17 PM To: RBASE-L Mailing List Subject: [RBASE-L] - RE: Automatic bank drafts or CC payments There are 2 different systems for doing these payments, you can use a payment processor to do them, all or part. Most banks will also provide you a business package that allows you to do ACH transfers from customers. My bank allows us to enter them on line, and maintains the account info on recurring payments so we can just click it again and go. They also allow for uploading files with the transaction data directly. All you need is the account number, routing number and amount. Credit cards normally go through a separate process. You request and are given a merchant account and that processor accepts your data, either from a swipe or on line form and sends it to the clearing houses, either Visa MasterCard or Amex. Some of them will also accept data files. Some small business service companies provide both, ACH and credit cards. Intuit, and American Express Express Pay among others. You can also look for payment processors like Authorize.net or BillingTree who have lots of options on how the data gets to them. Some like BillingTree have more options like taking IVR responses for payments or web portals to allow the customer to enter the payment themselves. . Mark Lindner Lindner & Associates PC 400 Hunnewell St, Needham MA 02494 PO Box 920435 Needham MA 02492 0005 781 247 1100 Fax 781 247 1143 EFAX 857 366 9691 Toll Free 888 658 4269 Direct 781 247 1160 THIS IS A COMMUNICATION FROM A DEBT COLLECTOR -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of MDRD Sent: Friday, September 02, 2011 2:05 PM To: RBASE-L Mailing List Subject: [RBASE-L] - RE: Automatic bank drafts or CC payments Thanks Larry I have a friend that owns a gym, I may ask him how he does it. Marc From: Lawrence Lustig Sent: Friday, September 02, 2011 12:10 PM To: RBASE-L Mailing List Subject: [RBASE-L] - RE: Automatic bank drafts or CC payments << That's not really how it works. You can't just store customer's credit card information (or bank account info) in a table. Look up info about Payment Card Industry Data Security Standard. >> There's nothing in the standard that actually says you can't store credit card numbers. The standard describes a minimum level of protection and does so in very general terms ("Develop and maintain secure systems and applications", "Protect stored cardholder data"). It doesn't even require encrypted database storage (although it does require encrypted tranmission on public networks). That said, like Dawn I always suggest to clients that they don't store credit card information but rather request it with each transaction. That way you never find yourself in the position of having to tell 5,000 customers that you might have compromised their credit card information. Whether you store it or request, it's fairly easy to process credit cards via program code. I've done one implementation where the credit card process provided a free ActiveX control and I wrote a little bit of VBA glue to process the transaction. I suspect there are also options to perform this transaction through HTTP requests, but I don't have any experience with those. Bank drafts I have no experience with but banking is so automated these days I would be surprised if you couldn't do this electronically as well. -- Larry
