Lloyds TSB Cardnet & PCI DSS Compliance


    I have just received notification from Cardnet that from May they will be charging me £5.50 per month for each outlet to ensure that we are PCI DSS compliant. We have two so-called outlets as they make us pay for two merchant numbers, one for MOTO and the other for online orders for which we use Actinic Payments. From my (somewhat limited) understanding Actinic Payments is powered by Creditcall who are fully compliant, and as we therefore don't hold any card data for our online transactions (as it's all processed through them), I'm not sure why we have to pay Cardnet twice.

    I understand that the rules are changing and that acquirers are now going to be responsible for ensuring their clients are compliant, but it sounds to me like Cardnet have taken this as another opportunity to make money. £132 per year isn't a huge amount of money but as usual it hits small businesses hardest, and just sounds like a rip-off to me. I was wondering if other acquirers are charging for this "service" and if so what their costs are. I am considering moving from Cardnet as I've heard they are generally expensive, but I'm not sure if there are any good alternatives out there, or if it's more trouble than it's worth to actually make the change. Any advice would be appreciated.

    #2
    If you use Actinic Payments as your gateway then you should just need to indicate this on the questionnaire - that you are processing via a PCI Level 1 (I assume they are Level 1) accredited provider. However, as you are processing MOTO payments as well there is a chance you would be classed as PCI Level 4 for this. I am not sure about Lloyds but HSBC have contacted all their merchants regarding the new level requirements.

    Have you sourced your own QSA (Qualified Security Assessor) for PCI compliance or have you gone with Lloyds' recommendation? We use ECSC for ours and have been Level 1 equivalent accredited since the PCI DSS was first introduced.
    TotalWebSolutions.com
    Payment Gateway 300 transactions per month just £10 (10p/trans if over 300)
    No Setup Fee - No Charge for Declines - PCI Level 1 - Integrates easily with Actinic - Virtual Terminal option - UK Support



      #3
      Cardnet are the highest costwise and the lowest techwise in my experience. We moved a site onto A&L processing around 2 years ago and saved almost 60% on costs. They're a rip-off IMO and I don't expect that has changed a dot since I last dealt with them.

      Even if all providers were about to charge this and even if they were all about to charge more than Cardnet, I would never stay with Cardnet; they're just pants IMO on all accounts.



        #4
        We just had the same letter from Cardnet.
        Lee's right - they're a useless bunch of [insert preferred noun here].
        Definitely changing now - I hear Streamline via FSB is good value, but are their customers being charged this ridiculous extra charge as well?
        Kind Regards
        Sean Williams

        Calamander Ltd



          #5
          We haven't received any notification like this from Streamline, but then we don't have a MOTO account, just face to face CnP and online.



            #6
            Thanks for your responses. It doesn't matter what kind of merchant account you have with Cardnet, they will be charging £5.50 per outlet (or should I say per merchant number) as of May. I've spoken to them and it is not optional. It seems like I will have to look into changing to Streamline.



              #7


              I read this thread this morning and wrote a really long post this evening explaining the research I had done on this issue for a customer, but because I was not logged in it was all lost somehow.

              Anyway the gist is that as far as I can see all the banks now seem to be taking advantage of PCI DSS. They all blame Visa and MasterCard for creating it in the first place. I really don't think it has any positive effect on consumer confidence and none of the websites I have built have ever been hacked. Anyway here is what I know about what other banks are charging, in order of my worst to least worst (they are all bad) banks:

              Barclaycard - £75 per year. They fob you off to Security Metrics that are apparently quite good but you have to call their agents in the US for support. They have more charges for scans of more IPs. Barclaycard also have a very sneaky non-compliance charge of 0.98% per transaction - very sneaky.

              Elavon - Two different charges. Approx £25 and £120 depending on whether you have a website. They also penalise you if you don't log in. I think the penalty is about £20 per month. They fob you off to another QSA called Trustwave to use their portal. I don't know much about their support. They also insure you against a breach which is quite good. But does anyone actually get breached - apart from the big merchants like Lush?

              HSBC - They also use Security Metrics but they are better than Barclaycard because they don't have the sneaky 0.98% transaction fee. Other than that the price and support is the same.

              Lloyds - £5.50 a month. Probably as bad as HSBC but they also insure you against a breach. They seem to handle it themselves instead of fobbing you off to a third party and you can call your normal number for support which is a plus. Still a rip-off though if you have more than one website or outlet.

              Bank of Scotland - £3.99 a month. No insurance but the cheapest I have found.

              Worldpay/Streamline - I called Arsenal security, the provider they recommend on their website. They told me they are not providing it anymore for Worldpay. To give me a quote they wanted to grill me on my business, the number of IPs, servers etc. I told them I would call them back with the information. No intention of doing so because I got the impression they wanted to come out and meet me and that could get very expensive very quickly.

              General thoughts are that PCI DSS is a scam that all the banks are exploiting now. I personally cannot see any benefits to merchants.



                #8
                Originally posted by tbuckley
                Barclaycard - £75 per year. They fob you off to Security Metrics that are apparently quite good but you have to call their agents in the US for support. They have more charges for scans of more IPs. Barclaycard also have a very sneaky non-compliance charge of 0.98% per transaction - very sneaky.
                I didn't realise that our PCI compliance had slipped towards the end of last year. I've just double checked the merchant invoices from Barclays and have discovered that they have been charging us 0.15% without any prior notification or warning. I also can't find any reminders from Security Metrics!

                It is worth noting however that if you're with Barclays and using Security Metrics, the cost for 'self assessment' is £11.99 for the year.

                Right, off to call Barclays.
                Regards,

                Nick Churchill
                www.oliverslighting.co.uk
                Olivers Online Shop
                Working within SellerDeck V11



                  #9
                  Originally posted by Sean Williams
                  We just had the same letter from Cardnet.
                  Lee's right - they're a useless bunch of [insert preferred noun here].
                  Definitely changing now - I hear Streamline via FSB is good value, but are their customers being charged this ridiculous extra charge as well?
                  I have never received this £10 charge and going by the levels people mentioned I am below these. I have a number of payment options and this dilutes the amount on each service so fall into the chargeable category but fingers crossed I have never received one.



                    #10
                    Hi,

                    I'm with Streamline (via the FSB) and have a MOTO account and have not been notified of any extra charges, but that doesn't mean they won't...
                    The Patchwork Rabbit
