UK business looking to use CheddarGetter + Payvision - PayPal
Hi
I have seen your recommendation re PayVision as a merchant for EU /
UK and completed the form. We have created a dev account on CG and
like what we see in terms of management via API, clarity of
customer management screens, flexibility of what we can offer using
CG system.....
I'd just like to understand a bit more on the card side of things iro PCI etc.
On the basis we use CG Gateway -> Payvision
Where are card details stored - is it by the CG gateway?
What level of PCI is held for that service?
What PCI compliance level do I need ?
What if that service goes down?
Can we use Payvision OR PayPal depending on customer
preference?
Many thanks
C
Discussions are closed to public comments.
If you need help with Cheddar please
start a new discussion.
Keyboard shortcuts
Generic
| ? | Show this help |
|---|---|
| ESC | Blurs the current field |
Comment Form
| r | Focus the comment reply box |
|---|---|
| ^ + ↩ | Submit the comment |
You can use Command ⌘ instead of Control ^ on Mac
Support Staff 1 Posted by Marc Guyer on 15 Aug, 2011 06:11 PM
Yes, that's correct.
The gateway is certified PCI compliant to the highest possible level (Service Provider Level 1).
That is difficult to answer. You're best course of action would be to consult an expert in PCI compliance who can evaluate your business.
The short answer is if you do not touch credit card data in your system, you may be only required to be level 4 merchant compliant. If you do touch credit card data, you would need to be at least level 3 compliant. Again, you'll need to evaluate this for yourself.
If you use CG's hosted payment pages, it's possible for your system to never touch credit card numbers. If you use a fully integrated solution where you accept credit card numbers, then pass them to CG, you will have an elevated PCI compliance burden.
That depends on your level of integration and what sort of tolerance to connectivity failure you have built into your system. We do everything we can to keep CG's planned downtime to a minimum and maintain highly available systems to help avoid unexpected downtime.
Yes, you can enable your customers to choose between direct credit card and PayPal.
2 Posted by Magali on 18 Aug, 2011 09:35 AM
Hi Marc,
on August 12, you were saying to Richard that at the time, they were down to just Payvision as the only way they could work with you?
When you say now that we can enable our customers to chosse between direct credit card and Paypal, does that mean that you unified all of your Paypal integrations, including WPP?
thanks for your answer
Support Staff 3 Posted by Marc Guyer on 18 Aug, 2011 06:42 PM
The direct credit card in this case would be through the CheddarGateway and Payvision. PayPal payments would be just standard PayPal.
We have a initial WPP integration (which would handle the direct credit card functionality) ready to go but we now are tying that together with PP's new third party permissions functionality.
4 Posted by christina on 19 Aug, 2011 01:05 PM
thanks ...
5 Posted by Magali on 02 Sep, 2011 04:34 PM
thanks a lot for your answer Marc!
we are applying with Payvision, and in one of their form, they are asking questions about 'Cardholder data storage compliance' such as:
What third party software company/vendor did you purchase your Application from? 1) Is it Cheddar Getter?
What is the name of the third party software? Version #? 2) Is it Cheddar Getter?
Do your transactions process through any other third parties, web hosting companies or gateways? 3) If we are using you as a gateway, is the answer yes, and the answer to who is it is Cheddar Getter?
Do you or your vendor receive, pass, transmit or store the full cardholder number, electronically? 4) if you our vendor, should we answer yes to the above question?
If yes, where is card data stored? 5) is the answer to the above question: Merchant, Third Party Only or Both Merchant & Third Party?
Are you or your vendor PCI/DSS (Payment Card Industry/Data Security Standard) compliant? 6) I guess the answer to the above is YES
What is the name of your Qualified Security Assessor? 7) What should we answer here?
Date of compliance: 8) What should we answer here?
Date of last scan: 9) What should we answer here?
Many thanks for your help !
Support Staff 6 Posted by Marc Guyer on 06 Sep, 2011 02:36 PM
Yes.
CheddarGetter -- no version
It's actually CheddarGateway, an NMI gateway.
Cardholder data is stored in the NMI gateway.
Third party. NMI.
Yes, NMI is level 1 service provider pci compliant.
What is the name of your Qualified Security Assessor? 7) What should we answer here? Date of compliance: 8) What should we answer here? Date of last scan: 9) What should we answer here?
NMI (Network Merchants) is listed on the public PCI registry.
7 Posted by Magali on 07 Sep, 2011 02:00 PM
thanks for taking the time to answer me!
Marc Guyer closed this discussion on 07 Sep, 2011 03:17 PM.