“VirtueMart is an Open Source E-Commerce solution to be used together with a Content Management System (CMS) called Joomla!. Joomla! and VirtueMart are written in PHP and can be used in typical PHP/MySQL environments.” – Virtuemart

What do our integrators have to say about us?

Are you thinking about integrating your project or application with Merchant Warrior? Are you wondering about how complex an integration with our advanced Payment Gateway may be? Here’s what Max Milbers, the Project Leader of the Virtuemart shopping cart had to say about his experience of integrating the Merchant Warrior Payment Gateway. He also mentions how the Merchant Warrior Token Payments product will be integrated in a future release of Virtuemart.

“As I started to implement the MerchantWarrior payment plugin for virtuemart, I didn’t have any knowledge about the idea and security concept of MerchantWarrior. I expected a complex security concept and high requirements.

Merchantwarrior gave me some easy to read pdfs describing the system. The idea behind the Token system is that a customer uses its credit card information only once and crucial information is not stored at the shop. But the customer is able to reuse the credit card without entering the data again.

When a shopper uses its credit card the first time, Merchantwarrior creates a unique id (token), which only works for one shop. Normally when a shop gets hacked, all stored credit cards must be frozen, replaced and deleted. This is a big damage for the credit card institutes and the shopper. The security gain using Merchantwarrior is that the information stored at the shop, fits only to one shop in the world and has nothing to do with the normal credit card data. This is a very good security gain.

Virtuemart 1.1 series works now with the more simple solution without token. Virtuemart 1.5 will support the advanced system which makes it possible to store different credit card tokens at the shop.”

- Max Milbers (Projectleader Virtuemart.net)

We will definitely keep you updated with the future releases of the Virtuemart plugin for Merchant Warrior and the ability to take advantage of Token Payments.

All merchants that are implementing a fresh installation of virtuemart 1.1.5 will be able to select Merchant Warrior as their Payment Gateway quite easily. For those merchants that are upgrading from an earlier version of Virtuemart the following steps should be taken to enable Merchant Warrior as your Payment Gateway:

1. Go the Admin Panel of Virtuemart in the Joomla backend.
2. Go to the topic store and click “Add Payment Method”.
3. Give your payment method a name, ensuring that you enter the correct code (MW).
4. Choose a payment class name – “ps_merchantwarrior”.
5. Set the Payment Method Type to “Use Payment Processor”.
6. Enable the default Credit Cards.
7. Go to the Configuration tab to set your Merchant ID and Merchant Password.

If you have any issues during this process feel free to contact the Merchant Warrior Support Team.

Happy Integrating!

The BEST way to shop online

Merchant Warrior is proud to support one of its clients in their new venture into the online shopping space. We believe that this is a great service that will not only benefit consumers but also benefit our merchants that are looking for greater exposure.

What is Gimme.Com.Au?

Gimme Shopping is an exciting new Australian shopping search and comparison service. The biggest problem for shoppers when using current shopping search sites is that they display results based on how much stores are paying them, not necessarily the best or cheapest results.  This means that shoppers are misled into thinking the products displayed at the top of search results are better, when in fact they are simply the stores who pay the most for a click.

While misleading search results should be a concern for shoppers, there are issues for online stores as well. Major shopping search services use a Pay Per Click (PPC) model to charge stores who list with them. This means that online stores pay for traffic in the form of clicks, even when the clicks are from a competitor checking prices or a customer simply doing research which don’t generate a sale.

Gimme Shopping’s unique model solves these problems.  At Gimme Shopping our results are pure and based only on matches to relevant product information such as product names and descriptions. Gimme Shopping prefers to use a Pay Per Sale (PPS) model whereby commission is only paid on verified sales, and at a rate set by the online store.  This is a much fairer model, and is risk free for online stores who don’t want to pay for traffic with no guarantee of results.

The Gimme Shopping performance based model certainly seems to have hit a chord with online stores with over 1000 stores partnering with Gimme in the first 6 months providing shoppers with easy access to millions of products across a huge range of categories including Electronics, Digital Cameras, Fashion, Wine and Home & Garden.

Visit Gimme Shopping to get the best results for products from a huge range of Australian online stores.  Research products before you buy and compare products and prices from Australia’s largest and fastest growing online shopping network.

Sign me up!

Merchants looking to increase their exposure and join Gimme’s increasing list of online stores should do so by clicking here for further information.

We wish Gimme.com.au the best of luck!

It may not be the most exciting news but it’s definitely worth a mention – last week we were approved as a Tier 1 PCI DSS Compliant Payment Provider again. It’s important for us to mention this to our clients and to the public as we take PCI DSS seriously. Each year we undergo an on-site audit by our professional QSA – Securus Global. Each of our products, services and environments are audited to ensure that our practices are PCI DSS Compliant and that we protect our merchant information in every way possible.

We undergo this on-site audit for three major reasons:

1. Obviously, it’s a requirement.
2. We like to ensure that each product and service that we develop meets the requirements of the PCI DSS.
3. It’s important to us that we provide our merchants with the most secure platform to process transactions under.

It’s no secret that Merchant Warrior is working behind the scenes to produce new technologies to enhance the Payment Industry. However, we do have a few secrets in regards to the products and features which we will be releasing later this year. Our merchants are in for a pleasant surprise! Now that our new features and services have been given the tick of approval all that’s left is intense Quality Assurance and Software Testing before we release these exciting features to the public.

In the meantime I would like to thank Securus Global for completing yet another successful on-site audit with our team. The audit was handled in an extremely professional manner and no disruptions to important schedules took place – and for that we are extremely grateful. Also, to the team – I’d like to thank you for being well prepared and having all in order, making it a simple task for Securus Global to complete the audit. Well done!

For all merchants that would like to view our new certificate of compliance click here.

Now, I mentioned earlier that we take the PCI DSS seriously, and in all honesty we do. But the next comment is directed to the PCI Council – “Why?” and it relates the following video which is available on their website.

Just a warning – you may not take the PCI DSS seriously after you view this video.

As a merchant, seeing the word “Fees” would not be something out of the ordinary. One fee that most merchants would not have heard a lot about is Interchange Fees. It’s important to note that Interchange Fees are also referred to as a “swipe-fee” at times.

In order to fully understand Interchange Fees it’s always helpful to clearly understand the meaning of a Merchant Service Fee (MSF).

As a merchant you’ll notice that you will have been given a MSF from your Bank. The MSF is a % fee which is taken from each of your transactions and is held by your Bank. As most of you will know, the MSF that each merchant receives will be different and is calculated according to a number of different factors such as:

Risk – The risk that is involved with your business.

This does not necessarily focus on the industry that your business operates in. Some of you may deem a high risk merchant as an adult store or a merchant selling pharmaceutics online and that’s correct. However, how about a merchant selling jewelery online? Or a merchant that offers a yearly subscription for its services? These merchants may not necessarily be in a high risk industry but there is a certain element of risk involved in processing their transactions due to the high possibility of chargebacks occurring.

Volume – This is the total revenue that you will be able to generate with your merchant facility.

Transaction Volume – This is the total number of transactions that you will process through your merchant facility.

Card Type – This refers to the different types of credit/debit cards that you will accept with your facility. How many of your transactions will come from Standard/Domestic Credit Cards? How many will come from International or Premium Credit Cards?

There are a lot of other factors that the Bank will take into account when working out a merchant’s MSF, however, let’s pay close attention to the last item on the list above – “Card Type”. So you’re probably wondering why your Bank cares about the different types of credit/debit cards you’ll be accepting? It’s all plastic – so same thing right? That, my friends would be logical. And as we all know when it comes to financial institutions, and the schemes, logic is never an option!

Just as you, the merchant, has to pay fees to your Bank, your Bank too has to pay fees to the Card Schemes (VISA, MasterCard, American Express, JCB, Diners Club). The fees that are associated with each transaction are known as Interchange Fees (or as we mentioned earlier “swipe-fees”). The Interchange fees differ depending on the industry type and card type and are subject to change whenever the Card Schemes deem necessary.

The good news is that the Interchange Fees for VISA and MasterCard are public. Please see below for the links to each of the corresponding Card Scheme Interchange Fees:

• VISA Interchange
• MasterCard Interchange

Things may make a little more sense now. If you’ve ever wondered why your Bank has a higher rate for international transactions as opposed to domestic transactions, you’ll now realize that it’s due to the Interchange Fees.

Now when someone mentions Interchange or the term “Interchange Fees” you’ll know exactly what they’re talking about. Even better, you’ll now understand the importance of this article: Retailers score in swipe fee fight with credit card giants.

For all merchants – we’ll be keeping our fingers crossed for you!

At some point during the running of your online store you will most definitely be asked some of the following questions: “Are you PCI Compliant?”, “What level of compliance do you adhere to?”, “Have you filled out your Self Assessment Questionnaire?”. The list can go on but in order to answer these questions correctly it’s best to know exactly what is being asked and to understand what PCI DSS Compliance is all about and the importance that this has upon you as a merchant.

Let’s get some of the common questions out of the way in bullet form and then we’ll move onto explanations:

Q: What does PCI DSS Compliance stand for?

A: PCI DSS stands for “Payment Card Industry Data Security Standard” which is governed by the Payment Card Industry Security Standards Council. The PCI DSS is supported by VISA, MasterCard, American Express, Discover & JCB.

Q: Why is PCI DSS Compliance so important?

A: The PCI DSS was created to prevent credit card fraud and to secure sensitive credit card information that merchants deal with. The idea of the standard is to ensure that merchants are doing their best to protect their customer credit card information. The penalties for noncompliance can be deadly to a small business. Noncompliance results in the payment brands (VISA, MasterCard, American Express, Discover & JCB) issuing a fine between $5,000 to $100,000 per month to the acquiring bank. In most cases the acquiring bank will then pass these fines onto the merchant, terminate the merchant or increase the merchant’s transaction fees significantly.

Q: Do I need to be PCI DSS Compliant to run an online store?

A: If you process, transmit or store credit card information then you will be required to be PCI DSS Compliant.

Q: I’ve never heard of this and have been running an online business for years with no problems. Is this all just jargon?

A: The payment brands as well as your acquiring bank can choose to audit your online business at their discretion. The PCI DSS has been in motion since 2004 and even though Banks are often slow movers they are beginning to understand the importance of PCI DSS Compliance. Banks are issued with heavy fines for boarding non compliant merchants and it’s in there best interest to protect themselves. It’s always better to protect your customer information as much as possible and also protect yourself from the penalties that are imposed for noncompliance.

With the common questions out of the way let’s move onto some explanations.

Do I need to be PCI DSS Compliant?

The Payment Card Industry Security Standards Council states that:

“PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted. If PAN is not stored, processed or transmitted, PCI DSS requirements do not apply.” – PCI Security Standards Council (Article #5378)

The PAN specifically refers to your customer’s credit card number. If your shopping cart or billing software requires you to store the credit card information locally on your own servers then you will be required to follow the PCI DSS requirements. If you are processing or transmitting your customer’s credit card numbers across your network, over the phone or even to a third party provider then you will once again be required to follow the PCI DSS requirements.

A lot of merchants will feel that they do not need to follow the PCI DSS requirements because they do not store any credit card numbers locally on their systems. This is a common misconception and it’s important to understand exactly what “processing” and “transmitting” credit card numbers actually means. A primary example is that of a company that accepts credit card numbers from their customers over the phone. The company may not be storing the customer’s credit card number locally but they are still receiving the credit card number from the customer in an unencrypted form. After the representative receives the customer’s credit card number over the phone they will then (in most cases) enter the credit card number and customer details into a payment application which will send the credit card number directly to a Payment Gateway (such as Merchant Warrior). It is at this point that the merchant is “transmitting” the PAN (credit card number) and as such is still required to follow the PCI DSS requirements.

There are levels of compliance and it’s important to know where you factor into these levels. The following table is an extract from the PCI Security Standards Council FAQ:

http://usa.visa.com/merchants/risk_management/cisp_merchants.html

Slow down! What’s a QSA? What’s this SAQ? What’s an ASV?

A QSA is simply a bunch of people who are not very nice. That’s what you’d expect anyway considering they are auditors. Merchant Warrior were lucky enough to work with Securus Global who seem to have a bit of life to them and were readily available to assist us in achieving our Tier 1 PCI DSS Compliance. QSA’s carry out on-site audits or consultation to help merchants or providers achieve PCI DSS Compliance.

SAQ refers to a Self Assessment Questionnaire. This is a document which has a list of requirements that merchants should be following. The SAQ must be filled in and submitted to either your bank or your QSA for verification. It’s best to check with your bank for exactly what your PCI DSS requirements are as they change from bank to bank.

ASV – it’s all in the name. An approved scanning vendor – they simply provide merchants with network scans to make sure that your basic external security is in tact. We choose to use McAfee Secure but there are many other ASV’s available and a list can be found here.

There are ways to reduce the risk of credit card fraud and even exclude your online business from being subject to the PCI DSS requirements. We’ll discuss this in the next section but before proceeding it’s important to note that although PCI DSS requirements may not apply to you, you should still secure your network and payment applications to the best of your ability. There is a major difference between being secure and being PCI DSS Compliant.

How can I achieve PCI DSS Compliance?

Merchant Warrior provides merchants with a number of products to help them achieve and maintain the highest level of PCI DSS Compliance. In case you’re wondering what allows us to develop and market PCI DSS Compliant products – it’s the fact that we are a certified level 1 PCI DSS Compliant payment provider. A certificate that verifies this can be found here.

The first step in achieving PCI DSS Compliance is working out exactly what personal customer information your business is required to keep on file. Do you really need to store credit card details of your customers? If not – then don’t do it. Business owners often like to have as much information on customers as possible and this is completely understandable but storing the first and last 4 digits of a credit card number instead of the entire number for verification purposes is more than enough. Where possible keep your storage of ANY credit card information to an absolute minimal if any. Some business models or payment applications may require that the credit card number be accessible. Merchant Warrior provides storage facilities such as Token Payments to help merchants access credit card data without the requirement to store the data themselves. Please read the Token Payments page for further details.

So you’ve managed to get storage out of the way. Here’s a quick question to make sure you’re still paying attention – Now that you’re no longer “storing” any credit card information are you PCI DSS Compliant? NO! (highlight to the left of the brackets to see the answer).

It’s time to find how to avoid “processing” and “transmitting” credit card details. Merchant Warrior has two products which help merchants completely avoid processing or transmitting credit card details. The first of the two products is Hosted Payments. Put simply Merchant Warrior hosts a payment page on behalf of the merchant and when customers click the “checkout” or “process” button on the merchants website, they are redirected to the payment page that we host for the merchant. In this scenario the merchant never accepts or transmits any credit card information as all of this is handled by Merchant Warrior due to the payment page being hosted on our servers.

Right now there will be some merchants saying “Yes. I know about a hosted payment page. I hate it – I want the hosted payment page to be completely re-branded so that it looks like my website and doesn’t cause any confusion or generate any fear for my customers.” We heard you. That’s why with our Custom Development merchants are able to request a completely custom hosted payment page. We’ll design the page exactly as specified to us by the merchant.

Whoops. We’ve forgotten something. Some merchants right now are upset and are saying “I’m not paying for you to design my hosted payment page. I have my own development team and they’re damn good at what they do. Why on earth should I use you? Give me another option.” – Sure. We heard you too. For merchants that aren’t worried about diving into easy development we have a Transparent Redirect product which gives merchants all the benefits of a Hosted Payment Page except that they are able to host the page themselves and have it completely designed as they like. We won’t get into the technical aspects of this product and how it achieves PCI DSS Compliance and avoids merchants having to store, process or transmit any credit card data we’ll just leave it to you to check out the Transparent Redirect page because it explains how this is achieved.

It’s that easy! By choosing Merchant Warrior you can achieve PCI DSS Compliance in a number of ways and keep it simple. We have off the shelf products that can help as well as completely custom designed solutions that can be catered to your exact specifications. If you’re curious about PCI DSS Compliance and require some consultation we’re happy to put you in touch with our amazing QSA – Securus Global.

Please be honest. What do I get from this?

Honesty IS the best policy so here’s your answer: Achieving PCI DSS Compliance for your business should not be a question, it should be a necessity. Customers that deal with PCI Compliant online stores often feel a sense of safety as they know the merchant is doing what is required to ensure that their credit card information is stored, processed and/or transmitted securely at all times. Your bank will move quicker in establishing your merchant account once they recognize your level of compliance and willingness to protect your customers and you avoid heavy fines that could potentially put you out of business should a breach occur and noncompliance be the reason. All in all PCI DSS Compliance is not the devil – it’s here to help us as everyday online shoppers continue to do what we do freely in a secure environment.

Choosing Merchant Warrior as your PCI DSS companion will ease the process of establishing your business as a PCI DSS Compliant provider.

So you’re new to the online business? You’ve just wandered into the online space and want to begin trading online. So you pull out a checklist and start crossing off your items:

• Business Registration
• Domain Registration
• Web Design
  
• Shopping Cart
• Accept Payments Online – how?

You’re now ready to start integrating your website into a Payment Gateway such as Merchant Warrior. In order to begin trading online you will require a merchant account. Merchant Warrior will discuss the specific requirements for your business with its Banking Partners to ensure that you receive competitive rates with your very first merchant account.

Many new businesses have their application for a merchant account rejected for a number of different reasons. To ensure that this doesn’t happen to you here’s a list of items that you should complete before applying for a merchant account.

New Merchant Account Checklist

1. Your Website is active and accessible
2. You are the registrant of the domain name
3. Your website displays your business name, ABN (or other Business Registration Number depending on your country), Contact name, location address, landline telephone number and email address?
4. Your website includes the products or services that you are offering and clearly provides the pricing?
5. Your website clearly defines your refund and exchange policy and how transactions can be cancelled?
6. Your website clearly explains how goods will be delivered and time frames?
7. Your website clearly explains your privacy policy and information on how you will protect your customer’s card information? (Ask Merchant Warrior about products that will help you achieve PCI Compliance)
8. Your website clearly explains the measures you have in place to secure card holder information? (Ask Merchant Warrior about products that will help you achieve PCI Compliance)
9. Your payment page is ready for assessment?

These nine simple steps are often what Banks will look for when performing their due diligence on your online business. Following these steps may not guarantee you a successful merchant account application, but it will definitely increase your chances and fast track the application process.

If you need help establishing a merchant account feel free to contact us.

Why?

I believe it’s a common misconception that when a merchant signs up for a Payment Gateway that they will require all of the services that a gateway offers. A prime example is as follows:

Merchant Warrior provides the following services to its clients:

• Batch Payments
• Direct API Integration
• Hosted Payments
• Recurring Payments
• MOTO Payments

How many merchants will actually take advantage of all these services? If you’re one of these merchants we’d love to hear from you! The reality of the matter is that a client that chooses to integrate directly through an API will most definitely not be requiring a Hosted Payment Page let alone any of the other services offered.

It’s for this reason that we made the decision to offer specialised pricing for each of our services. If Banks are able to offer this type of pricing why shouldn’t a Payment Gateway?

With our ability to offer customised solutions bundled with specific product pricing, we believe that our new pricing model will help benefit merchants in a time where minimising expense is essential.

To review our new pricing structure please visit our Pricing Page.