Payment Processors and Compliance

There is a raging sea of merchant service providers available to merchants. From simple gateways to full-scale integrated payments solution providers, merchants have endless options for payment processing.

Online merchants, in particular, have a robust variety of choices in how and through whom they can accept payments. The additional risk posed by card-not-present online payments means that eCommerce merchants should be especially picky when choosing merchant services providers. Consider whether the provider is reputable, whether their technology is compliant, and whether they maintain certifications (PCI-DSS, HIPAA, SSAE-16).

Online merchants can greatly simplify compliance by working with a payment processor that offers a PCI-compliant gateway. Because the gateway itself is audited for PCI compliance, merchants who use one of these audited gateways reduce their own PCI scope. Also note which tier a gateway provider falls under. There are four tiers under the PCI standard, and each tier has its own set of requirements. The breakdown is as follows:

  • Tier 1: process over 6 million Visa transactions annually through card-present, card-not-present, and eCommerce channels.
  • Tier 2: process 1-6 million Visa transactions annually through card-present, card-not-present, and eCommerce channels.
  • Tier 3: process 20,000 to 1 million Visa transactions annually through card-present, card-not-present, and eCommerce channels.
  • Tier 4: process up to 1 million Visa transactions annually through card-present, card-not-present, and eCommerce channels and do not process over 20,000 Visa transactions exclusively via eCommerce each year.