
Taking Credit Cards


  • #16
    Re: Taking Credit Cards

    Bank of America money in my account by 12:00 a.m.


    • #17
      Re: Taking Credit Cards

      Bill, I just wanted to do a quick follow-up on your comments.

      Originally posted by OkieBill

      1. I did not ask "IF" it could be done; I was asking for real world examples of where Square and its security have been compromised in the real world, as it has been in operation for 2 years.
      Here is a link to a group that created a Trojan that listens and looks for Credit Card transactions on the Droid Platform. You wanted to know if it has been done. Yes, it has, as a security protocol test.

      Android Trojan captures credit card details | thinq_

      Originally posted by OkieBill
      2. The hardware level encryption of your current system is just as vulnerable to brute force attack as software encryption, albeit one will take significantly longer than the other.
      As of 2010, the POS terminals only hold data until they are settled, then the data is dumped. It is part of the PCI compliance act. To date there has been no reported hack for transmitted data from terminal to processor.

      I am in agreement with you: the actual terminal can be hacked as a stand-alone item, until it's settled. So in this case, if you're running around with a portable unit for a week and then settle on Friday afternoon, yeah, all the information stored on that card reader could be hacked. Our policy in our company is simple. The portable units are locked in a safe, and only pulled out when we know a customer is going to pay with a credit card. When that card reader comes back, it's settled and locked up again. The other issue with a stand-alone POS is the ability to credit back money on a debit card, for example. Our units are password protected for that feature, and only myself and my office manager have the ability to access that part of the machine. Again, the machine would have to be stolen from a truck during the day, which would give us the opportunity to notify everyone in a pretty short period of time. Also, since only one person at a time is issued these machines, we have a control in effect that would let us know exactly who was in charge of a unit if some type of fraud occurred during a shift.

      To take it one step further, POS systems, for example software-based sales systems in a restaurant, have been hacked, and that's a software hack. The issue is the terminal-based card swipe is integrated into the POS system and designed to retain customer information for marketing purposes. Now that's a potential breach, and there are countless articles on the net on compromised POS integrated software packages.

      Bill, I will make one suggestion that may make you re-think the use of Square. As of 2010, (merchants like you, me and others) must be PCI compliant with regards to credit card use if you want the protection of the industry. As of current, Dongle operated credit card systems, Square being one of them, are not.

      Here is the latest list of compliant Credit Card Processors put out by VISA, for using their service. Square is not listed.

      Also for your review is a Q&A on PCI compliance that you may find of interest.

      PCI Compliance Guide Frequently Asked Questions

      For yucks, while writing this response I contacted Intuit, as they have just started a Dongle card processing service. Since we are a QuickBooks Pro user and have an unlimited tech support account, I figured I would see what they have to say about it. At first the Rep said they were compliant. When I pointed out that they were not, they said "no", we are compliant under the name Intuit. I told them I was looking at the list and the only compliance under Intuit dealt with the QuickBooks software packages and not the Dongle. They put me on hold, came back on and said that they were not compliant, but that they used the same encryption that the standalone POS units use. (That I knew was B.S.) So I questioned them on that and they turned me over to a supervisor. When the supervisor came on, she said that they were not PCI compliant. Did not use the same encryption technology. So I asked this question.

      "If we use your Dongle, and the smart phone is hacked and our customers data is compromised, used in fraud, is Intuit going to absorb any potential financial responsibility that we may incur, because the dongle is not PCI compliant?"

      She put me on hold for about ten minutes and said, "No we would not be responsible for any losses that may occur because the Droid or other smart phone platforms is open source."

      Bill, here lies the problem. If your customer's information is hacked from you, and it is determined that you are not using a PCI compliant card service, you can be held legally responsible for the losses, legal fees, etc. Even though your customer is protected by federal law up to $50.00 on the card, the card service company, Visa, MasterCard, AE, etc., can come after you for the lost money.

      The logical solution to this problem would be to turn it over to your insurance company and let them absorb the loss. Unfortunately, (at least with our policy, and that's with Hartford) those losses will not be supported by the policy if we are not following the PCI compliance guidelines. I highly recommend that anyone that reads this blog take the time to check with their insurance carrier, underwriter, broker and ask this simple question.

      "If my customers' credit card information is stolen from our card service system and we are not PCI Industry Compliant, are we protected from potential losses, i.e. refunding any potential lost money back to the Credit Card processor?"

      Bill, my policy says no. I had a couple of other merchants I know ask the same question with their policy holders and the answer for them was also no.

      So in my earlier story about my personal $15,000.00 fraud charge: legally, as the customer, I would only be held responsible for $50.00 of charges. If I was a merchant using a dongle and the customer's information was hacked out of the phone, and $15,000.00 was fraudulently charged, the processor, i.e. Visa, could come after me for that loss, and without the protection of my liability insurance policy I would have to cut them a check, or file BK.

      I believe in Smart Phone Technology and its future. However, in the case of Dongle based credit card processing, I believe this one statement says it all.

      "Great in Theory, Bad in Practice"

      It probably explains why Square is scrambling to come up with a different Dongle that is PCI Compliant.

      Hope this info helps someone.


      • #18
        Re: Taking Credit Cards

        I am gonna try the Square app, I am only taking plastic from big plants that getting a check from is a paperwork nightmare.


        • #19
          Digging up an old topic.
          What are you using to accept credit cards these days?
          I was initially using a swipe reader that my bank gave me. It was fine for a while, but with the proliferation of chip cards it became a pain. I had to manually enter card information for those and of course get charged a higher fee for doing so. The kicker was when they sent me a letter telling me that I MUST get a reader that will accept the chip cards (which they would be happy to sell me for $199 but currently was unavailable) or pay a monthly fine. That prompted me to write a "Go pound sand" letter.
          I ended up with a PayPal reader that does the usual swipe plus chip cards, debit, NFC/Contactless and PayPal. It has a flat rate for processing (unless it's manually keyed in) and no other monthly fees are snuck in. I like it because any payment is instantly in my PayPal account and I can then transfer it to my regular checking account.
          I looked at Square, but I heard stories (none I can actually verify) that a chargeback could freeze your account completely for several weeks or months and talking to a live customer service rep is nearly impossible.
          My only problem with the PayPal reader is user error. I sometimes forget to plug it in to charge the battery. But that problem has now been solved with my Ridgid 18Volt USB power source.

          I've learned a lot from my past experiences.
          I've learned nothing from my passed experiences.


          • #20
            I've been with Square a few years now. I waited 6 months for the chip reader at $50.00. Have yet to use it. I still use the swipe or plug in the number for a higher rate. But I'm 99% no credit card. Just a few of my customers know I take a card.

            phoebe it is


            • #21
              I'm at probably 20% paying with credit and 75% of those are chip cards. I've had a few debit but no touchless yet.

              I've learned a lot from my past experiences.
              I've learned nothing from my passed experiences.


              • #22
                Use an invoice service like invoice2go... I use this (costs like 15 bucks a year) and you can accept payment by CC through Stripe; they charge a fairly low rate for the service that you can pass on directly to the customer so you never do the processing of it. (Sorry if I sound like I'm preaching this company... I'm seriously not paid by them.) Anyways, look into it, it's nice to give people the option, and it's also nice to be able to electronically submit an invoice, and to know when they have looked at that invoice. I've found it a decent, but not exactly perfect TBH, service.


                • res057 commented
                  I just recently added those options to my Quickbooks invoices. People have commented to me that they like the option of hitting the "Pay Now" button, but nobody has done so yet. I was able to root out one wannabe bill dodger when he said he never got the invoice. I knew exactly what time he saw it and how many times. His business is now on the pay at time of completion plan.

              • #23
                I've found it really useful for those purposes as well.


                • #24
                  Take a look at the Venmo app. I use it for some of my tenants to pay me each month.