UK business looking to use CheddarGetter + Payvision - PayPal

christina's Avatar

christina

14 Aug, 2011 06:40 AM

Hi
I have seen your recommendation re PayVision as a merchant for EU / UK and completed the form. We have created a dev account on CG and like what we see in terms of management via API, clarity of customer management screens, flexibility of what we can offer using CG system.....

I'd just like to understand a bit more on the card side of things iro PCI etc.

On the basis we use CG Gateway -> Payvision

Where are card details stored - is it by the CG gateway?
What level of PCI is held for that service?
What PCI compliance level do I need ?
What if that service goes down?
Can we use Payvision OR PayPal depending on customer preference?

Many thanks
C

  1. Support Staff 1 Posted by Marc Guyer on 15 Aug, 2011 06:11 PM

    Marc Guyer's Avatar

    Where are card details stored - is it by the CG gateway?

    Yes, that's correct.

    What level of PCI is held for that service?

    The gateway is certified PCI compliant to the highest possible level (Service Provider Level 1).

    What PCI compliance level do I need ?

    That is difficult to answer. You're best course of action would be to consult an expert in PCI compliance who can evaluate your business.

    The short answer is if you do not touch credit card data in your system, you may be only required to be level 4 merchant compliant. If you do touch credit card data, you would need to be at least level 3 compliant. Again, you'll need to evaluate this for yourself.

    If you use CG's hosted payment pages, it's possible for your system to never touch credit card numbers. If you use a fully integrated solution where you accept credit card numbers, then pass them to CG, you will have an elevated PCI compliance burden.

    What if that service goes down?

    That depends on your level of integration and what sort of tolerance to connectivity failure you have built into your system. We do everything we can to keep CG's planned downtime to a minimum and maintain highly available systems to help avoid unexpected downtime.

    Can we use Payvision OR PayPal depending on customer preference?

    Yes, you can enable your customers to choose between direct credit card and PayPal.

  2. 2 Posted by Magali on 18 Aug, 2011 09:35 AM

    Magali's Avatar

    Hi Marc,

    on August 12, you were saying to Richard that at the time, they were down to just Payvision as the only way they could work with you?
    When you say now that we can enable our customers to chosse between direct credit card and Paypal, does that mean that you unified all of your Paypal integrations, including WPP?
    thanks for your answer

  3. Support Staff 3 Posted by Marc Guyer on 18 Aug, 2011 06:42 PM

    Marc Guyer's Avatar

    The direct credit card in this case would be through the CheddarGateway and Payvision. PayPal payments would be just standard PayPal.

    We have a initial WPP integration (which would handle the direct credit card functionality) ready to go but we now are tying that together with PP's new third party permissions functionality.

  4. 4 Posted by christina on 19 Aug, 2011 01:05 PM

    christina's Avatar

    thanks ...

  5. 5 Posted by Magali on 02 Sep, 2011 04:34 PM

    Magali's Avatar

    thanks a lot for your answer Marc!

    we are applying with Payvision, and in one of their form, they are asking questions about 'Cardholder data storage compliance' such as:

    • What third party software company/vendor did you purchase your Application from? 1) Is it Cheddar Getter?

    • What is the name of the third party software? Version #? 2) Is it Cheddar Getter?

    • Do your transactions process through any other third parties, web hosting companies or gateways? 3) If we are using you as a gateway, is the answer yes, and the answer to who is it is Cheddar Getter?

    • Do you or your vendor receive, pass, transmit or store the full cardholder number, electronically? 4) if you our vendor, should we answer yes to the above question?

    • If yes, where is card data stored? 5) is the answer to the above question: Merchant, Third Party Only or Both Merchant & Third Party?

    • Are you or your vendor PCI/DSS (Payment Card Industry/Data Security Standard) compliant? 6) I guess the answer to the above is YES

    • What is the name of your Qualified Security Assessor? 7) What should we answer here?

    • Date of compliance: 8) What should we answer here?

    • Date of last scan: 9) What should we answer here?

    Many thanks for your help !

  6. Support Staff 6 Posted by Marc Guyer on 06 Sep, 2011 02:36 PM

    Marc Guyer's Avatar

    What third party software company/vendor did you purchase your Application from? 1) Is it Cheddar Getter?

    Yes.

    What is the name of the third party software? Version #? 2) Is it Cheddar Getter?

    CheddarGetter -- no version

    Do your transactions process through any other third parties, web hosting companies or gateways? 3) If we are using you as a gateway, is the answer yes, and the answer to who is it is Cheddar Getter?

    It's actually CheddarGateway, an NMI gateway.

    Do you or your vendor receive, pass, transmit or store the full cardholder number, electronically? 4) if you our vendor, should we answer yes to the above question?

    Cardholder data is stored in the NMI gateway.

    If yes, where is card data stored? 5) is the answer to the above question: Merchant, Third Party Only or Both Merchant & Third Party?

    Third party. NMI.

    Are you or your vendor PCI/DSS (Payment Card Industry/Data Security Standard) compliant? 6) I guess the answer to the above is YES

    Yes, NMI is level 1 service provider pci compliant.

    What is the name of your Qualified Security Assessor? 7) What should we answer here? Date of compliance: 8) What should we answer here? Date of last scan: 9) What should we answer here?

    NMI (Network Merchants) is listed on the public PCI registry.

  7. 7 Posted by Magali on 07 Sep, 2011 02:00 PM

    Magali's Avatar

    thanks for taking the time to answer me!

  8. Marc Guyer closed this discussion on 07 Sep, 2011 03:17 PM.

Discussions are closed to public comments.
If you need help with Cheddar please start a new discussion.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

28 Mar, 2024 10:45 PM
24 Jan, 2024 08:33 AM
11 Jan, 2024 07:13 AM
30 Nov, 2023 02:07 AM
22 Nov, 2023 08:41 AM