Hiya folks hope you are all well.

I wonder if anyone can give me any
recommendations/advice on the mine
field that is taking credit card payments.

I am getting more and more customers
asking to pay deposits on their card rather
than PayPal or even BACS transfer.

My only reservation from searching the
web is the costs of having a terminal.

So, for those guys who do take card
payments can you please pass on any
advice.

Many thanks in advance chaps.

I have a natwest business account and i went though them with worldpay.
I use phone, ipad or laptop to take payments..
You get the normal charges like 45p for a debit card and around 2.2% for a credit card

This may be of some use to you, if only to tell you what not to do.

some related reading. (http://www.forum.mobilediscodirectory.co.uk/showthread.php?38739-Nochex-Users-WARNING!-EDIT-not-only-Nochex-users-affected!&highlight=card+payments)

Thanks chaps

I am getting more and more customers
asking to pay deposits on their card rather
than PayPal or even BACS transfer.

Normally your customers have the choice of paying by card if they don't have a paypal account if you set up a proper payment page on paypal, the charges aren't nice but it's the simplest way I know.

I'm in a similar situation. Talked to a rep from CardSave about getting a mobile chip and pin device but at £25/month + Fees I think it's a bit steep.

Came across this the other day - I'm tempted!

https://www.izettle.com/gb

Not sure izettle allows CNP transactions though :confused:

Not sure izettle allows CNP transactions though :confused:

What is a CNP transaction please Martin, I have signed up for IZettle.

EDIT: cardholder not present. Yes it does as it gives you a manual entry option, I enquired about this as most of my computer sales are from highlands an islands.

In their Q&A, they repeatedly say that you're not permitted to use it when the cardholder isn't present / can't use for telephone transactions, etc, so whilst you physically can, you're not allowed to

The card holder needs to sign the screen with izettle, and you can only take visa payments by obtaining the clients phone number where they have to follow a text message link to pay

I use paypal to take cards. Never had an issue.... Don't put nearly enough through to warrant a terminal.

I have just had a payment via izettal and as Andy says it does send a text to the cardholder who then inputs card details, easy as anything.

Hammy: all over their website and their facebook page:
the buyer and the seller must both be physically present.

The email to the Buyer's phone is only for Visa because the card reader isn't capable of working with Visa cards, so the only solution was to input on your phone, and the buyer completes on their phone (fine... so long as they have a smartphone!)

Also..... OUCH!!!!!
Kellie: Can I ask how long it takes for payments to reach the users bank account? Thanks x
iZettle: Hi Kelly,

If you make a transaction with the card reader, we deposit a maximum of 1,000 GBP four business days after the transaction was made, the money will then be available in your account within three business days.

If a transaction is made without the card reader (via manual entry), we will deposit a maximum of 25 GBP four business days after the transaction was made. The remainder will be deposited approximately 15 days later.Three weeks to get your money!!!!! :omg:

If you're taking card payments, don't forget PCI DSS compliance (Google it)!

If you're taking card payments, don't forget PCI DSS compliance (Google it)!

Unless he's storing the credit card details (which is doesn't sound like he is), or he's processing payments with his own merchant account (which he isn't), then that won't apply.

As for iZettle, they're pretty good and you should have no problems with them. The payment turnaround times actually get a little faster the longer you're with them, although they don't advertise that fact widely. For CNP payments, you might want to try GoCardless if a customer doesn't want to do a direct bank transfer. Maximum fee of £2, you get your money within a reasonable time and any future payments from a client are processed very quickly. Very useful for residencies etc.

Hope that helps :)

Hmmm... that 'GoCardless' looks interesting!

Might have to investigate that further. Thanks for the heads-up. :approve:

Hmmm... that 'GoCardless' looks interesting!

Might have to investigate that further. Thanks for the heads-up. :approve:

No worries :) It's good for deposits, but not for anything 'immediate' due to it going through the Direct Debit system. We've been using it for a while and most of our regular clients prefer it - personally I'd highly recommend it.

Unless he's storing the credit card details (which is doesn't sound like he is), or he's processing payments with his own merchant account (which he isn't), then that won't apply.

I mentioned PCI DSS compliance purely because CNP payments were mentioned earlier in the thread, and options were being banded about. It wasn't necessarily aimed at the OP and their current way of working (or any suggestions so far), but as something to be aware of when looking at alternatives.

Broadly speaking, anyone with their own merchant account should be looking at some level of PCI DSS compliance.

I mentioned PCI DSS compliance purely because CNP payments were mentioned earlier in the thread, and options were being banded about. It wasn't necessarily aimed at the OP and their current way of working (or any suggestions so far), but as something to be aware of when looking at alternatives.

Broadly speaking, anyone with their own merchant account should be looking at some level of PCI DSS compliance.

Apologies if my reply came off heavy handed, it wasn't my intention. However, when you do Google PCI DSS, the requirements you discover can be alarming to say the least and I didn't want the OP to start looking at a huge list of requirements that wouldn't apply to him. As long as he remembers not to write card numbers down or store them digitally and always use a 3rd party payment processor, they won't apply.

I will, however, concede that if you have a bank-issued merchant account and you're running secured transactions without the aid of a 3rd party gateway, then yes, PCI/DSS compliance is important, however I would venture to say that anyone doing this probably has a significant amount of experience in processing gateways etc.

Apologies if my reply came off heavy handed, it wasn't my intention. However, when you do Google PCI DSS, the requirements you discover can be alarming to say the least and I didn't want the OP to start looking at a huge list of requirements that wouldn't apply to him. As long as he remembers not to write card numbers down or store them digitally and always use a 3rd party payment processor, they won't apply.

I will, however, concede that if you have a bank-issued merchant account and you're running secured transactions without the aid of a 3rd party gateway, then yes, PCI/DSS compliance is important, however I would venture to say that anyone doing this probably has a significant amount of experience in processing gateways etc.

I'm sorry, but that's just wrong. The vast majority of bunsinesses with a merchant account need to be PCI DSS compliant, even if they're using a 3rd party payment processor. Most here would, I imagine, be level 4 which is more or less satisfied with a self assessment questionnaire. See http://www.pcicomplianceguide.org/pcifaqs.php


Q: Do organizations using third-party processors have to be PCI compliant?
A: Yes. Merely using a third-party company does not exclude a company from PCI compliance. It may cut down on their risk exposure and consequently reduce the effort to validate compliance. However, it does not mean they can ignore PCI.

We are self certified, just filled out the online questionnaire and got emailed a certificate if i remember rightly.

Yes same as ben or you got charged a fee

I've got to look into this more seriously in the newyear, but my prelimary findings are, look closer at WorldPay and SagePay.

Apologies to Mark here - if I seemed to be suggesting that basic compliance levels could be ignored, then I apologise as that wasn't my point. My main point was that a LOT of the PCI information out there is targeted at high transaction number/value operations which can become overwhelming at first glance.