e-Commerce Talk Forums Australia

Hello there everyone.

I would like to know if it is possible to dump my gateway to take payments manually. I can get a manual merchant facility at my bank its cheaper than the internet based one I've got now. But how do I capture credit cards on my site legally?

I have fallen into a heap of late. Last few months my gateway has transacted too many payments that were fake so I'm out of pocket. Bloody stupid I don't have a say in whether I want to accept the payment or not. It is expensive and what I get out of it is losses. Doesn't make much sense to me.

My oscommerce cart has an inbuilt method to capture credit cards but it says "not for production use". After reading up about it I think it has something to do with this pci rules, its not allowed.

Can anyone help provide any info. Would be very grateful.

Thanks

Hello Stoner9,

You can do it manually with a proper PCI compliant manual payment gateway to capture the credit card details for you. Have a look at the e-Path Payment Gateway.

The manual alternative does save you money, no doubt about that. And I agree with you in that you will be able to check details yourself so you should be able to cut down on the fake transactions. But if you are doing a lot of transactions per day I would not suggest a manual method.

You are right about shopping carts. They can not capture credit card details anymore without full PCI compliance. That's why osCommerce has added that bit about 'not for production'.

Good luck

I made the same switch. The result has been its cheaper. I'm handling more orders then ever before and I can now see the fake orders (as nightrider says) as I get them then I hit the delete button. I don't get charge backs anymore cause I ain't processing bum transactions. I haven't regretted the move one bit. But you have to find yourself an approved manual payment gateway. Nightrider is right. You can't take credit card details anymore on your site yourself.

This is my set up: I have an online shopping site that goes through eway to take credit card payments and an internet merchant account. I also have an EFTPOS terminal which I use to charge cards in my shop and I also punch in credit card numbers I get from orders I recevie over the telephone.

I also have had the occassional fraud payment go through from my shoping site then the bank takes it from my account usually about two weeks later which I really hate.

This subject caught my attention. What would I be saving if I were to go "manual"?

Thank you

Tracey

tracey33 wrote:This subject caught my attention. What would I be saving if I were to go "manual"?

From what you've said it looks like you are doubling up on everything. If you already have an EFTPOS terminal and its approved to enter card not present transactions you get from phone, fax and the net then you could easily go with a manual payment gateway and replace eway and your internet merchant account. You don't need two merchant accounts. So whatever their costs are you won't have to pay.

But you will be going from an automated system to a manual one.

Cheers

Max

The manual method has always been frowned upon by major banks and credit card vendors. That is up until only recently with the advent of a particular company (I won't mention them as they are already enjoying HUGE amounts of free publicity on this site).

It is true that a PCI DSS approved manual payment gateway can save you money and as we are now seeing they are genuinely helping businesses cut down on their fraud exposure. But they are manual. If you like things automated do not get a manual payment gateway.

Coming from a banking industry background myself the one area that really impresses me about these new manual systems is cardholder details (credit card details) are no longer permanently stored online. When you consider the vast majority of fraud happens because credit card data is stolen from webservers, databases and networks etc, then you can start to see what an impact these new manual payment gateways could start to have on things.

Hackers and fraudsters HATE manual payment gateways because the credit card data is no longer within reach. That's music to the ears of companies like Visa, Mastercard & Amex.

The other main reason why fraud occurs is because transactions are usually performed online without the merchant having the opportunity to check things. Funnily enough the manual gateway system also knocks this for six too because nothing is automatically and instantly transacted online with a manual system.

So, two years ago I would have said you would be insane to move to a manual system. Nowdays, since the advent of the PCI DSS and the growing problem of online fraud and the increasing direct cost burden fraud is placing on small businesses, I an inclined to think very differently.

Cheers

You can't 'dump' your gateway to go manual. I think the only way to do it legally is to go from your current type of gateway to the manual type of gateway. You can't take credit cards anynmore on the net without using the ways that are all OK and approved as far as I know anyway.

I have received a number of PM's about my comment and after reading through it I feel I should clarify what I meant by the following ...

Mal wrote:Hackers and fraudsters HATE manual payment gateways because the credit card data is no longer within reach. That's music to the ears of companies like Visa, Mastercard & Amex.

I am not suggesting that if you use a real time payment processor either third party or from your bank that sensitive credit card data is "within reach" of everyone. Was a bad choice on words on my part. What I was meaning is that it is within reach if you are a criminal who successfully "hacks" into it. If its there, its a target.

Permanently storing credit card data is risky, and despite some of the most advanced security systems on the planet being assigned the task of protecting permanently stored credit card data these systems do somehow inexplicably appear to still be breached occasionally.

I was merely making the point with these new PCI compliant manual gateways they don't permanently store any credit card data within their online payment gateway systems. So if you were a hacker or a cyber-crim you'd be pretty peeved off because efforts to hack them would be a waste of time - like efforts to break into a bank that doesn't store money.

My apologies for any confusion.

Mal

Just my 2c worth. I did this like a year ago. I use e-path. For a full year I have not recorded one single fraud transaction into my merchant account because I can SEE AND IDENTIFY them when I receive them. I can offer my customers the best security there is because none of their credit card details are permanently stored on the world wide web. And to top it off it is cheap and makes me totally PCI compliant without me having to do anything to my site or my hosting. It is an awesome service and I will never go back to the 'dark ages' of russian roulette with an expensive real time gateway and all those chargebacks. No way man.

AWESOME thread. This is exactly what I have been looking for for many of my clients.
Thanks
Ice

Way cool, thanks people. I am now with epath. Took some heavy duty conversations with my bank about swapping my internet based merchant account for a manual one with online terminal - they don't make much money out of a manual merchant account and I like the idea they won't get a chance to charge me charge back fees again. for them but for me

hey stoner9,
why don't the bank make much money? can you tell me what the difference in costs are? offine processing is what i want to do too but only to get control over what i charge. realistically are you saving money with the manual way?

Hello there Nipsip,

Sorry I have taken a log time to reply.

Manul merchant accounts are not much cheaper than the ones designed for real time gateways but they are cheaper.

I also save a packet on the gateway, e-Path is way cheaper than other gateways.

But I also save money not having any losses cause of fraud and no charge back fees. But I still have to be super careful because it is all card not present stuff.

Thanks

We will be going the manual way too now after the last three months with three fraud cases that have cost us too much. I may as well be charging cards received online into my terminal like I already do when I get payment by credit card over the phone. It makes good sense. I should have done this a long time ago. Thank you to all.