Credit Card Acceptance Over the Phone

[djxfreedman at gmail.com (David Freedman)]

Hello.  Just wondering: is your client going to be doing touch tone or IVR
to process credit cards?  This makes a difference in the resposibility of
the merchant.  It sounds like they are going to do touch tone.  Check out
https://www.pcisecuritystandards.org/saq/instructions_dss.shtml#instructions
for
more information on merchant security obligations.  This merchant sounds
like a SAQ A merchant.
You might already know this but IVR is an automated credit card service and
touch tone is when the merchant takes the CC number and dials into a network
for an authorization number.

Hope this helps.
-Dave

On Tue, Aug 11, 2009 at 9:42 AM, Kevin Shortt <kevin.shortt at gmail.com>wrote:

> Hi Everyone,
>
> I have a client interested in accepting credit cards over the phone for
> purchases. (as an alternative to the current ecommerce in place).    I'm
> interested in feedback on the risks to an organization when an employee of
> that organization handles the credit card data from the customer.  What type
> of measures are typically taken prior to implementing this process?
>
> For example, since the employee/agent is capable of skimming data, then
> what can the organization do to protect itself?   (I.e. policy, NDA, etc..)
>
> I'm looking to for the best practice and norms..  Links of sites to read
> would be great too...
>
> Thanks.
>
> -Kevin
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090811/d51cbdc4/attachment.htm