If You Want To Process Credit Cards Through MerchantOS…
You will need to transition away from Authorize.net and on to either MerchantWARE (from Merchant Warehouse) or Element Payment Systems.
What You Need To Do
MerchantWarehouse customers: You will need to get setup on the MerchantWARE gateway and purchase an encrypted credit card swiper from MerchantWarehouse (~$70). Once your new setup is running smoothly you will want to cancel your Authorize.net account. The MerchantWARE gateway is free which should help you offset the new card reader price over time. We will guide you through this entire process and make it as smooth as possible. Give us a call to get started.
Customers using a 3rd party processor along with Authorize.net: You have two options. Sign up for a new merchant account through either Merchant Warehouse or Element. Or have your processor board the ElementPS gateway on to your account. You will also need to purchase an encrypted credit card swiper from ElementPS (~$100). This second option may or may not be an option depending on how your merchant account is setup. Give us a call and we will help you through this process.
Deadline For The Transition
We do not yet have a hard and fast deadline for when we will turn off our integration with Authorize.net. But the day is coming and you should move to change your setup as soon as you are able.
Why Are We Doing This?
To improve our security and limit both your liability and our own regarding credit card fraud. Read on to learn more…
Going Beyond Payment Card Industry (PCI) Compliance
We’ve been working very hard over the last several months to make MerchantOS comply with PCI regulations. We ended up with a method to protect card holder data to such an extreme that it makes card data compromise from MerchantOS all but impossible. The methods we are using are so simple and secure, they will certainly become much more common in the future of payment processing.
MerchantOS No Longer Handles Cardholder Data
You might be wondering if MerchantOS no longer handles cardholder data, how on earth are they running my customer’s credit cards? We do it by working with payment processing gateways like the one made by Element Payments. These gateways only work with special credit card readers. The credit card readers encrypt credit card data with a key before the data leaves the device and goes on to your computer. MerchantOS has no way to decrypt this data. We just pass the encrypted data along to the payment gateway along with additional information about the transaction. Only the payment gateway has the necessary key to decrypt the data after which they let us know if the transaction is authorized.
What This Means For You
You will still need to maintain PCI compliance since you are handling credit cards. This new method may reduce the rigor of the requirements necessary to make your shop PCI compliant. You would have to ask your merchant processor what level of requirements you would need to fulfill with your chosen gateway.
What This Means For MerchantOS
We are devoted to protecting your information and we spend a lot of our resources on security. We meet or exceed many of the requirements to be PCI compliant. MerchantOS however will not be certified PCI compliant. PCI compliance is designed to protect cardholder data and since we no longer handle cardholder data we are outside the scope of these regulations.