If you are using your own merchant account and processing through a company like authorized.net then you have complete control over your customer's data. This means you can store the customer's credit card numbers on your database before sending it over to a processor to verify. This isn't recommended since you have to make sure your system is secure. -----Original Message----- From: thelist-admin at lists.evolt.org [mailto:thelist-admin at lists.evolt.org]On Behalf Of Kathy Long Sent: July 1, 2002 1:29 PM To: thelist at lists.evolt.org Cc: Chesna Blazick; Sim Subject: [thelist] Re: Shopping Sites, Credit Cards Keith, To set matters straight about the storing of cc numbers at Gateway, I called B of A to get the facts. I'm not sure how they handled this a year ago which is when we got our gateway, but at present: They do NOT make cc numbers available to their vendors. They are NOT visible or available in the sales history screen - the only thing the merchant can see there is the type of credit card number used. They DO keep credit card numbers in THEIR system accessible by B of A only. I suspect Authorize-net is the same because of my client's inability to retrieve a cc number from them for a transaction he received, but I did not research that one as well to verify. So, it looks like that, at least, the B of A gateway is a good one to recommend for security. Thanks for sharing your PayPal explanations. Those are really good ideas and I hope you don't mind me using them. PayPal is sometimes the only affordable solution for small vendors (though I often tell my clients you probably can NOT afford to get a merchant account), and these explanations can certainly lend to the success of their online sales. I was really happy to hear PayPal has worked for you and will pass that info onto my clients when the need arises. Kathy > Message: 13 > Date: Sun, 30 Jun 2002 20:37:53 -0600 > To: thelist at lists.evolt.org > From: Keith <cache at dowebscentral.com> > Subject: Re: [thelist] Re: Shopping Sites, Credit Cards > Reply-To: thelist at lists.evolt.org > > At 02:17 PM Sunday 6/30/2002, Kathy wrote: > >> because it seems to contradict my personal experience with the B of A >> gateway. We recently tried to retrieve the cc number of one of our >> customers and were told, "Sorry. We don't store those numbers." >> >> I'm curious. What gateways do you know of that do that? Perhaps they are >> ones that I should not recommend. > > I had a B of A shopping cart using a B of A merchant account that I used up > until 6 months ago. The credit card numbers were displayed in the admin's > sales history screen. I've never used Authorize.net. Things may have > changed in those 6 months but federal and state laws defining who owns the > transaction would have had to change also (VISA could of course do that > overnight if they wanted to). > > I do hope you are right!! It would give smaller sites using third party > gateways an advantage over sites who can afford to run their own gateways. > And a major advantage over telephone-order type sales where the card number > is of course given to a faceless voice (I smell web design > opportunities....). Please let us know what you find out. If the rules have > changed they changed to protect the cardholders and websites should be > passing that along to instill confidence. > > FWIW here's a paragraph I use on my sites (a bit more than "it doesn't > matter who I am..." ) > > <quote> > For Your Protection: Payment for download of (REMOVED) is processed through > PayPal, the largest, most secure payment exchange on the Internet. Your > credit card number and billing information will be transmitted directly to > PayPal secure servers for authorization. Your credit card number and > billing information are NEVER revealed to (REMOVED) or it's parent company > (REMOVED) at any time. Paying for your order through PayPal makes your > online purchase as safe as using an ATM. Paying through PayPal is the > safest way to make any online purchase. > </quote> > >> a nightmare because of their member login requirement and ended up with me >> giving up. What good is a secure payment processing system if your buyers >> give up trying? > > I totally agree! That stupid signup crap made sense when PayPal was > strictly person-to-person exchanges. But 90% of their revenue comes from > website sales now and it makes no sense to force people to enter any extra > keystrokes when they're ready to pay. I try to diminish the consumer's pain > with the following statement next to the PayPal button: > > <quote> > If you have never purchased with PayPal before you will be asked to "Sign > Up". Sign up registers your credit card number and billing information with > PayPal so you can join 16 million other shoppers buying on over 40,000 > websites without having to submit your credit card information again. > </quote> > > > Keith -- For unsubscribe and other options, including the Tip Harvester and archive of thelist go to: http://lists.evolt.org Workers of the Web, evolt !