Advice about accepting credit cards PCI Compliant

I use a processor that demands PCI compliance. They asked me 50
questions once a year and their software checks my computer for

This is my “in a nutshell” remembering of it

You’ve heard about people breaking into a bank’s computer and
stealing 1 million credit card numbers.

Compliance asks the question(s) “what are you doing to safekeep
your customer info”? And some has to do with storage.

So one is that you don’t keep on file the 4-digit security code in
the same place as the numbers.

Another is in your software (I use QuickBooks) that you change the
password every 90 days (I do).

Where receipts are stored.

Things like that.

Take the assumption YOU ARE compliant.

David Geller

With Square you don’t store the numbers; all but the last 4 are
blanked out when you slide the card, which is in accordance with PCI
compliance. If you type the numbers you are charged a slightly higher
rate. Once the transaction goes through, the card number is erased
from your phone. You shouldn’t have anyone’s card number written down
anywhere. If you use it for phone orders, type it in as you are
talking and it will disappear after the sale goes through.

Here is the commercial merchant agreement for Square. There are two
agreements, one for Square and one for “commercial entity”. The
commercial entity agreement allows for occasional auditing for PCI