Virtuemart 2

MW Payment Module Available!

Joomla! fans, it’s time to update to the latest version of VirtueMart and start accepting payments via the Merchant Warrior Payment Gateway.

What is VirtueMart?

“With its fully-featured eCommerce engine, VirtueMart is perfect to sell your Goods online and drive your Business to new Heights. Despite being Open Source Software it powers large Online Shops providing the Performance, Usability and Security you expect from professional Software.

VirtueMart is the leading Online-Shop Solution for Joomla! (more than 2.5 Million Downloads so far).

And the Best: it’s free! You can download, use and modify it without any Restrictions (License: GNU/GPL) – just as Joomla!.” – VirtueMart

VirtueMart 2 Payment Extension

Installation of the Merchant Warrior VirtueMart 2 payment extension is simple. Download the Merchant Warrior VirtueMart 2 payment extension here.

Navigate to your “Extension Manager” in your Joomla! Administration Panel and upload and install the module.virtuemart2.zip package:

Navigate to your “Plug-ins Manager” in your Joomla! Administration Panel and enable the “VM – Payment, Merchant Warrior” plugin:

Navigate to your VirtueMart 2 store Administration Panel and create a new “Payment Method” that uses the “VM – Payment, Merchant Warrior” payment method:

Configure the Merchant Warrior payment method with your merchant settings:

Easy!

That is all it takes to prepare your VirtueMart 2 store to take credit card payments with Australia’s Best Payment Gateway.

PrestaShop Addon


MW adds PrestaShop Support

There is no better way to start this post than by thanking our merchants for their patience while we prepared this module. We are excited to offer our new PrestaShop module to the public and hope that the PrestaShop team will shortly have it listed in their addons shop for FREE.

The Merchant Warrior PrestaShop Addon supports both the Direct API and Transparent Redirect services and also supports multiple currencies. The Transparent Redirect integration with PrestaShop will ensure that you remain PCI DSS compliant when processing payments from your online store.

What is PrestaShop?

“PrestaShop consists of 100 developers, designers, and professional e-commerce addicts. Headquartered in Paris and Miami, we are a leader in everything e-commerce and are committed to staying free and Open-source. As most developers know, inspiration begins with your customers. Each merchant and community member carries out projects large and small that contribute to not only their personal growth, but also the growth of PrestaShop. We continue to work hand-in-hand with the community and are passionate about creating features, modules, and templates according to their needs. The success of our software is thanks to countless hours by numerous contributors from around the world. We want to make sure every merchant is successful and in the process we ensure it is easy to sell online by providing over 275 features and an overall software that can be customized to each business’ needs.”  –PrestaShop

Why choose PrestaShop?

  • Winner of the 2011 Open-source Business Application award
  • Over 100,000 stores
  • 300,000 active community members and growing!
  • #1 Open-source shopping cart
  • Available in 41 languages
  • Strong global presence with stores in over 150 countries
  • 1,500 downloads per day

Installation is easy!

MODULE AVAILABLE HERE.

Once you have completed the installation of your PrestaShop cart, adding the Merchant Warrior module to your installation is extremely simple. Unzip the contents of the zip file into the ‘modules’ directory of your PrestaShop directory and configure the options in your PrestaShop back office as seen in the screenshots below:

Get me started!

The PrestaShop Addon is available via the Merchant Warrior Developer Zone or via a direct link here. Hopefully in time the PrestaShop team will make the module available for FREE via the PrestaShop Addons shop.

PCI DSS v2.0


Each year we have an onsite audit completed by our registered QSA (Securus Global) in order to ensure that all components of our payment platform including our business processes are PCI DSS compliant.

Tier 1 PCI DSS v2.0 – Certified!

In August 2010 the PCI SSC announced that the PCI DSS v2.0 would be published in October of 2010. A list of changes that have been made between PCI DSS v1.2 and PCI DSS v2.0 can be found here.

Thanks to the efforts of all staff we have been certified by Securus Global as a Tier 1 PCI DSS v2.0 payment gateway.

Merchants that take advantage of the Merchant Warrior payment platform can rest assured that all products have been thoroughly assessed and will continue to maintain the highest level of compliance.

The introduction of our Token Payments solution (including Tokenized Batch Payments), Transparent Redirect and Hosted Payments has aided a number of organizations in maintaining the highest level of compliance and reducing the costs that are associated with the PCI DSS.

We owe a great deal of thanks to the support that we have received from our acquiring partners (National Australia Bank, Westpac Banking Group, Australia & New Zealand Banking Group Limited, Commonwealth Bank of Australia), our merchants and of course our QSA – Securus Global.

MW Batch Payments!

Batch Payments REVAMPED

Merchant Warrior - Batch Payments

What are Batch Payments?

Merchant Warrior’s Batch Payments offers merchants a simple way to process a large number of offline or periodic transactions. If your business is processing large volumes of subscriptions, membership fees or installment fees then you will already be using a Batch Payments solution or you should be.

Batch Payments are processed by a merchant compiling a file which contains a list of the transactions which need to be processed for a specific period. This file is then submitted to a Payment Gateway for processing. A solution such as Merchant Warrior’s Batch Payments is a much more efficient method of processing transactions when you are dealing with a high volume of transactions.

Why Merchant Warrior Batch Payments?

Merchant Warrior offers its merchants two methods of processing Batch Payments:

  • Manual upload via the Merchant Warrior administration panel
  • Merchant Warrior’s advanced Direct API platform

Both of these batch processing methods support .csv (comma separated value), .xls (Microsoft Excel 94-2004) and .xlsx (Microsoft Excel 2007) file formats.

In the past Batch Payments often meant that merchants were dealing with complex file formats, slow transmission methods and the requirement to poll a service to identify whether the batch file had been processed or not. Have no fear – we will not put you through that pain again.

Merchant Warrior’s Batch Payments enables merchants to work with simple file formats which can be integrated into any periodic billing system whether it be for a small business or corporate.

Merchants have the ability to request and receive automatic notifications when a batch file has completed processing and have the resulting batch file compressed (if required). Reports can be emailed upon batch processing completion, are archived indefinitely and can be easily accessed via the Merchant Warrior administration panel or Direct API.

Batch Payments & PCI DSS?

Yes, we do our math. Our team works hard to ensure that we supply our merchants with the best solutions in the industry.

The Merchant Warrior Batch Payments solution supports our extremely popular Token Payments service. Rather than be required to store your customer’s credit card information locally you can simply submit a batch file to the Merchant Warrior Direct API or merchant administration panel filled with Tokens (see Merchant Warrior Token Payments for more information).

What’s next?

There are a lot of new features and updates that we are making to our processing platform. Our aim has always been and will always be to offer our clients the best payment solutions in the industry that ease their integrations, ensure their PCI DSS Compliance and increase their processing security.

We believe our Batch Payments revamp is a step forward for our processing platform and one that will encourage merchants to take advantage of our advanced Payment Gateway and customer focused services. In short – our merchants love it, we hope you do too!

For further information visit Merchant Warrior Batch Payments. Sample batch files and integration documentation can be found at the Merchant Warrior Developer Zone.

PCI Compliant Yet Again

YOUR Security is OUR Duty

It may not be the most exciting news but it’s definitely worth a mention – last week we were approved as a Tier 1 PCI DSS Compliant Payment Provider again. It’s important for us to mention this to our clients and to the public as we take PCI DSS seriously. Each year we undergo an on-site audit by our professional QSA – Securus Global. Each of our products, services and environments is audited to ensure that our practices are PCI DSS Compliant and that we protect our merchant information in every way possible.

We undergo this on-site audit for three major reasons:

  1. Obviously, it’s a requirement.
  2. We like to ensure that each product and service that we develop meets the requirements of the PCI DSS.
  3. It’s important to us that we provide our merchants with the most secure platform to process transactions under.

It’s no secret that Merchant Warrior is working behind the scenes to produce new technologies to enhance the Payment Industry. However, we do have a few secrets in regards to the products and features which we will be releasing later this year. Our merchants are in for a pleasant surprise! Now that our new features and services have been given the tick of approval all that’s left is intense Quality Assurance and Software Testing before we release these exciting features to the public.

In the meantime I would like to thank Securus Global for completing yet another successful on-site audit with our team. The audit was handled in an extremely professional manner and no disruptions to important schedules took place – and for that we are extremely grateful. Also, to the team – I’d like to thank you for being well prepared and having all in order, making it a simple task for Securus Global to complete the audit. Well done!

For all merchants that would like to view our new certificate of compliance click here.

Now, I mentioned earlier that we take the PCI DSS seriously, and in all honesty we do. But the next comment is directed to the PCI Council – “Why?” and it relates to the following video, which is available on their website.

Just a warning – you may not take the PCI DSS seriously after you view this video.

PCI Compliance In A Nutshell

What is PCI DSS Compliance?

At some point during the running of your online store you will most definitely be asked some of the following questions: “Are you PCI Compliant?”, “What level of compliance do you adhere to?”, “Have you filled out your Self Assessment Questionnaire?”. The list can go on but in order to answer these questions correctly it’s best to know exactly what is being asked and to understand what PCI DSS Compliance is all about and the importance that this has upon you as a merchant.

Let’s get some of the common questions out of the way in bullet form and then we’ll move onto explanations:

Q: What does PCI DSS Compliance stand for?

A: PCI DSS stands for “Payment Card Industry Data Security Standard” which is governed by the Payment Card Industry Security Standards Council. The PCI DSS is supported by VISA, MasterCard, American Express, Discover & JCB.

Q: Why is PCI DSS Compliance so important?

A: The PCI DSS was created to prevent credit card fraud and to secure sensitive credit card information that merchants deal with. The idea of the standard is to ensure that merchants are doing their best to protect their customer credit card information. The penalties for noncompliance can be deadly to a small business. Noncompliance results in the payment brands (VISA, MasterCard, American Express, Discover & JCB) issuing a fine of between $5,000 and $100,000 per month to the acquiring bank. In most cases the acquiring bank will then pass these fines on to the merchant, terminate the merchant or increase the merchant’s transaction fees significantly.

Q: Do I need to be PCI DSS Compliant to run an online store?

A: If you process, transmit or store credit card information then you will be required to be PCI DSS Compliant.

Q: I’ve never heard of this and have been running an online business for years with no problems. Is this all just jargon?

A: The payment brands as well as your acquiring bank can choose to audit your online business at their discretion. The PCI DSS has been in motion since 2004 and even though banks are often slow movers they are beginning to understand the importance of PCI DSS Compliance. Banks are issued with heavy fines for boarding noncompliant merchants and it’s in their best interest to protect themselves. It’s always better to protect your customer information as much as possible and also protect yourself from the penalties that are imposed for noncompliance.

With the common questions out of the way let’s move onto some explanations.

Do I need to be PCI DSS Compliant?

The Payment Card Industry Security Standards Council states that:

“PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted. If PAN is not stored, processed or transmitted, PCI DSS requirements do not apply.” – PCI Security Standards Council (Article #5378)

The PAN specifically refers to your customer’s credit card number. If your shopping cart or billing software requires you to store the credit card information locally on your own servers then you will be required to follow the PCI DSS requirements. If you are processing or transmitting your customer’s credit card numbers across your network, over the phone or even to a third party provider then you will once again be required to follow the PCI DSS requirements.

A lot of merchants will feel that they do not need to follow the PCI DSS requirements because they do not store any credit card numbers locally on their systems. This is a common misconception and it’s important to understand exactly what “processing” and “transmitting” credit card numbers actually means. A primary example is that of a company that accepts credit card numbers from their customers over the phone. The company may not be storing the customer’s credit card number locally but they are still receiving the credit card number from the customer in an unencrypted form. After the representative receives the customer’s credit card number over the phone they will then (in most cases) enter the credit card number and customer details into a payment application which will send the credit card number directly to a Payment Gateway (such as Merchant Warrior). It is at this point that the merchant is “transmitting” the PAN (credit card number) and as such is still required to follow the PCI DSS requirements.

There are levels of compliance and it’s important to know where you factor into these levels. The following table is an extract from the PCI Security Standards Council FAQ:

Level/Tier 1
Merchant Criteria: Merchants processing over 6 million Visa transactions annually (all channels) or Global merchants identified as Level 1 by any Visa region.
Validation Requirements:
  • Annual Report on Compliance (“ROC”) by Qualified Security Assessor (“QSA”)
  • Quarterly network scan by Approved Scan Vendor (“ASV”)
  • Attestation of Compliance Form

Level/Tier 2
Merchant Criteria: Merchants processing 1 million to 6 million Visa transactions annually (all channels)
Validation Requirements:
  • Annual Self-Assessment Questionnaire (“SAQ”)
  • Quarterly network scan by ASV
  • Attestation of Compliance Form

Level/Tier 3
Merchant Criteria: Merchants processing 20,000 to 1 million Visa e-commerce transactions annually
Validation Requirements:
  • Annual SAQ
  • Quarterly network scan by ASV
  • Attestation of Compliance Form

Level/Tier 4
Merchant Criteria: Merchants processing less than 20,000 Visa e-commerce transactions annually and all other merchants processing up to 1 million Visa transactions annually
Validation Requirements:
  • Annual SAQ recommended
  • Quarterly network scan by ASV if applicable
  • Compliance validation requirements set by acquirer

http://usa.visa.com/merchants/risk_management/cisp_merchants.html

Slow down! What’s a QSA? What’s this SAQ? What’s an ASV?

A QSA is simply a bunch of people who are not very nice. That’s what you’d expect anyway considering they are auditors. Merchant Warrior were lucky enough to work with Securus Global who seem to have a bit of life to them and were readily available to assist us in achieving our Tier 1 PCI DSS Compliance. QSAs carry out on-site audits or consultation to help merchants or providers achieve PCI DSS Compliance.

SAQ refers to a Self Assessment Questionnaire. This is a document which has a list of requirements that merchants should be following. The SAQ must be filled in and submitted to either your bank or your QSA for verification. It’s best to check with your bank for exactly what your PCI DSS requirements are as they change from bank to bank.

ASV – it’s all in the name. An Approved Scanning Vendor simply provides merchants with network scans to make sure that their basic external security is intact. We choose to use McAfee Secure but there are many other ASVs available and a list can be found here.

There are ways to reduce the risk of credit card fraud and even exclude your online business from being subject to the PCI DSS requirements. We’ll discuss this in the next section but before proceeding it’s important to note that although PCI DSS requirements may not apply to you, you should still secure your network and payment applications to the best of your ability. There is a major difference between being secure and being PCI DSS Compliant.

How can I achieve PCI DSS Compliance?

Merchant Warrior provides merchants with a number of products to help them achieve and maintain the highest level of PCI DSS Compliance. In case you’re wondering what allows us to develop and market PCI DSS Compliant products – it’s the fact that we are a certified level 1 PCI DSS Compliant payment provider. A certificate that verifies this can be found here.

The first step in achieving PCI DSS Compliance is working out exactly what personal customer information your business is required to keep on file. Do you really need to store credit card details of your customers? If not – then don’t do it. Business owners often like to have as much information on customers as possible and this is completely understandable, but storing the first and last 4 digits of a credit card number instead of the entire number for verification purposes is more than enough. Where possible keep your storage of ANY credit card information to an absolute minimum, if any. Some business models or payment applications may require that the credit card number be accessible. Merchant Warrior provides storage facilities such as Token Payments to help merchants access credit card data without the requirement to store the data themselves. Please read the Token Payments page for further details.
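The storage advice above can be enforced in code before a record is ever written. The following is an added example, not Merchant Warrior code: the function names are hypothetical, the sample card numbers are widely published test numbers, and the order note is constructed. It keeps only the first and last 4 digits and scrubs full card numbers that have leaked into free-text fields.

```python
import re
from typing import Tuple

# Candidate PANs: 13 to 19 digits, optionally separated by single spaces or hyphens.
# Note: the pattern is greedy, so digit groups separated by single spaces are
# treated as one candidate; the Luhn check below filters most false positives.
_PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def truncate_pan(pan: str, keep_first: int = 4, keep_last: int = 4) -> str:
    """Return the PAN with only the first and last digits kept, as the text advises."""
    digits = re.sub(r"[ -]", "", pan)
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        raise ValueError("not a card number")
    if not luhn_valid(digits):
        raise ValueError("card number fails the Luhn check")
    hidden = len(digits) - keep_first - keep_last
    return digits[:keep_first] + "*" * hidden + digits[-keep_last:]


def scrub_text(text: str) -> Tuple[str, int]:
    """Replace every Luhn-valid PAN found in free text; return (clean text, count)."""
    found = 0

    def _replace(match):
        nonlocal found
        digits = re.sub(r"[ -]", "", match.group(0))
        if not luhn_valid(digits):
            return match.group(0)   # e.g. an order reference, leave untouched
        found += 1
        return truncate_pan(digits)

    return _PAN_CANDIDATE.sub(_replace, text), found


if __name__ == "__main__":
    # Constructed order note containing a test card number and an order reference.
    note = "Customer paid with 4111 1111 1111 1111, order ref 1234567890123456"
    clean, count = scrub_text(note)
    print(clean)
    print("card numbers scrubbed:", count)
```

Run `scrub_text` over order notes, support tickets and log lines before they are persisted; a non-zero count is worth alerting on because it means a full card number reached a field that should never hold one.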

So you’ve managed to get storage out of the way. Here’s a quick question to make sure you’re still paying attention – now that you’re no longer “storing” any credit card information, are you PCI DSS Compliant? NO!

It’s time to find out how to avoid “processing” and “transmitting” credit card details. Merchant Warrior has two products which help merchants completely avoid processing or transmitting credit card details. The first of the two products is Hosted Payments. Put simply, Merchant Warrior hosts a payment page on behalf of the merchant and when customers click the “checkout” or “process” button on the merchant’s website, they are redirected to the payment page that we host for the merchant. In this scenario the merchant never accepts or transmits any credit card information as all of this is handled by Merchant Warrior due to the payment page being hosted on our servers.

Right now there will be some merchants saying “Yes. I know about a hosted payment page. I hate it – I want the hosted payment page to be completely re-branded so that it looks like my website and doesn’t cause any confusion or generate any fear for my customers.” We heard you. That’s why with our Custom Development merchants are able to request a completely custom hosted payment page. We’ll design the page exactly as specified to us by the merchant.

Whoops. We’ve forgotten something. Some merchants right now are upset and are saying “I’m not paying for you to design my hosted payment page. I have my own development team and they’re damn good at what they do. Why on earth should I use you? Give me another option.” – Sure. We heard you too. For merchants that aren’t worried about diving into easy development we have a Transparent Redirect product which gives merchants all the benefits of a Hosted Payment Page except that they are able to host the page themselves and have it completely designed as they like. We won’t get into the technical aspects of this product, how it achieves PCI DSS Compliance and how it avoids merchants having to store, process or transmit any credit card data. We’ll just leave it to you to check out the Transparent Redirect page, because it explains how this is achieved.

It’s that easy! By choosing Merchant Warrior you can achieve PCI DSS Compliance in a number of ways and keep it simple. We have off the shelf products that can help as well as completely custom designed solutions that can be catered to your exact specifications. If you’re curious about PCI DSS Compliance and require some consultation we’re happy to put you in touch with our amazing QSA – Securus Global.

Please be honest. What do I get from this?

Honesty IS the best policy so here’s your answer: Achieving PCI DSS Compliance for your business should not be a question, it should be a necessity. Customers that deal with PCI Compliant online stores often feel a sense of safety as they know the merchant is doing what is required to ensure that their credit card information is stored, processed and/or transmitted securely at all times. Your bank will move quicker in establishing your merchant account once they recognize your level of compliance and willingness to protect your customers and you avoid heavy fines that could potentially put you out of business should a breach occur and noncompliance be the reason. All in all PCI DSS Compliance is not the devil – it’s here to help us as everyday online shoppers continue to do what we do freely in a secure environment.

Choosing Merchant Warrior as your PCI DSS companion will ease the process of establishing your business as a PCI DSS Compliant provider.