Viewing 19 posts - 1 through 19 (of 19 total)
  • Anyone understand "Payment Card Industry Security Standard" registration?
  • gobuchul
    Free Member

    The Mrs has a small business that takes the majority of its revenue through Paypal. It also uses World Pay for a small number of debit/credit card payments. All either on the web or by telephone.

    She needs to complete her Payment Card Industry Security Standard registration. World Pay just seem to want to charge her money for something that appears to be free through other websites. It is also extremely confusing about what registration she needs to complete.

    Can anyone explain this in simple terms or point to a straightforward website? Thanks.

    IHN
    Full Member

    PCI-DSS is the regulation surrounding the handling of payment card details.

    Does she ever record, store, handle, or is she ever sent, on paper or electronically, any elements of debit/credit card data, especially:

    – PAN (16 digit number)
    – Expiry date
    – CVV (3 digits on the back)

    or is it all handled by WorldPay/PayPal?

    If she does handle any of this information, she needs to be aware of her PCI-DSS responsibilities. It is a bit of a minefield.

    How much do WorldPay want to charge her?

    dlr
    Full Member

    If she is writing down card details given to her over the phone then manually pushing it through Worldpay I expect she will need to comply with PCI-DSS, i.e. how does she securely destroy that information or keep it etc.

    Can’t help beyond that. Previous job I had to implement a PCI-DSS approved back end payment system, that was a monumental PITA but necessary…

    kelvin
    Full Member

    As long as her website does none of the payment details capturing, then it is questionnaire time.

    If it does capture card details… change it so that it doesn’t…

    It is a bit of a minefield.

    Understatement.

    Previous job I had to implement a PCI-DSS approved back end payment system, that was a monumental PITA

    Also an understatement!

    IHN
    Full Member

    Understatement.

    I didn’t want to scare him too much.

    http://www.theukcardsassociation.org.uk/security/what_is_PCI%20DSS.asp

    zippykona
    Full Member

    It is mind boggling the first time. Phone them up and get them to go through it with you. Next year all the same boxes will be ticked so you just agree.
    If you don’t have the certificate I think they bill you £10 a month.
    Fill the form in and there’s no charge.
    World Pay are actually quite helpful on the phone.

    gobuchul
    Free Member

    How much do WorldPay want to charge her?

    They want to charge a £30 per year “management fee”. Not a lot of money but it is when compared with the small number of payments we receive through them.

    It seems that we fall into the self assessment questionnaire bracket. Not sure what £30 is for?

    World Pay website and their merchant interface is terrible. I can’t believe that such a huge organisation have such a shonky system.

    kelvin
    Full Member

    terrible. I can’t believe that such a huge organisation have such a shonky system.

    The thing is, the competing options are just as bad, so there is no reason for them to splash the cash to get things right. It’s like finding a telco with properly functioning customer services… they all try to be no worse, but no better, than the alternatives. Market forces in action, rather than theory.

    IHN
    Full Member

    They want to charge a £30 per year “management fee”. Not a lot of money but it is when compared with the small number of payments we receive through them.

    On top of the per transaction fee?

    The thing is, the competing options are just as bad,

    Barclays new(ish) SmartPay option is half-decent. (I don’t work for Barclays, but I have been working on a project using SmartPay)

    gobuchul
    Free Member

    On top of the per transaction fee?

    Yes.

    sadexpunk
    Full Member

    can you not post questions like this on here please mate while we’ve got other more interesting threads to read? 😀

    EDIT: pleased you’ve got some answers now 😉

    smokey_jo
    Full Member

    Paypal accepts credit and debit card payments for guest checkouts too – no need to use worldpay

    gobuchul
    Free Member

    no need to use worldpay

    I was trying to save money, the Paypal fees are a bit higher than World Pay.

    Complete pain in the arse though.

    zippykona
    Full Member

    We have world pay zinc as a back up.
    Don’t think there’s any fees if we don’t use it. Obviously we are already compliant for our main terminal.
    Payment Sense came out fractionally cheaper when we looked earlier in the year. No transaction fee with contactless just a percentage.

    antigee
    Full Member

    glad to hear the industry is sorting it out – was shocked a few years ago when a hotel i stayed at regularly told me they’d already charged the extra for my breakfast meeting room to the credit card they had on record – i asked which one and they turned a laptop round and showed me an excel spreadsheet of customers and credit card details – pointing to the one they’d used 🙁

    Gowrie
    Free Member

    It’ll be 4 or 5 years since I did payment receipts on a website but then Sagepay was a lot cheaper and more user friendly than WorldPay

    footflaps
    Full Member

    glad to hear the industry is sorting it out – was shocked a few years ago when a hotel i stayed at regularly told me they’d already charged the extra for my breakfast meeting room to the credit card they had on record – i asked which one and they turned a laptop round and showed me an excel spreadsheet of customers and credit card details – pointing to the one they’d used

    I suspect loads of small companies are still like this….

    zippykona
    Full Member

    Pennyhill Park hotel charged us more for stuff we didn’t have after we had checked out.
    Very naughty.

    Sandwich
    Full Member

    It’ll be 4 or 5 years since I did payment receipts on a website but then Sagepay was a lot cheaper and more user friendly than WorldPay

    Still is Gowrie.

    The latest PCI standard questionnaire requires your hosting company to certify your secure site is secure. Guess what? They won’t and you need to go to either Sagepay or WorldPay for a solution for those who want to submit online. We will be able to put a hold on funds for bike hire now though.

    OP if you’re only doing a few transactions iZettle may be cheaper overall. Make sure the shredder is crosscut and PCI compliant too. (Yes there is a standard).

The topic ‘Anyone understand "Payment Card Industry Security Standard" registration?’ is closed to new replies.