这个问题讨论了不同的支付处理器和它们的成本,但我想知道如果我想接受信用卡支付,我需要做什么?
假设我需要为客户存储信用卡号码,因此依赖信用卡处理器来完成繁重工作的明显解决方案是不可用的。
PCI数据安全,这显然是存储信用卡信息的标准,有一堆一般的要求,但如何实现它们呢?
像Visa这样有自己最佳实践的供应商呢?
我需要用钥匙卡进入机器吗?那保护它不被大楼里的黑客入侵呢?甚至如果有人拿到了包含sql server数据文件的备份文件呢?
备份呢?周围还有其他数据的物理副本吗?
Tip: If you get a merchant account, you should negotiate that they charge you "interchange-plus" instead of tiered pricing. With tiered pricing, they will charge you different rates based on what type of Visa/MC is used -- ie. they charge you more for cards with big rewards attached to them. Interchange plus billing means you only pay the processor what Visa/MC charges them, plus a flat fee. (Amex and Discover charge their own rates directly to merchants, so this doesn't apply to those cards. You'll find Amex rates to be in the 3% range and Discover could be as low as 1%. Visa/MC is in the 2% range). This service is supposed to do the negotiation for you (I haven't used it, this is not an ad, and I'm not affiliated with the website, but this service is greatly needed.)
这篇博文给出了一个完整的处理信用卡的纲要(特别是在英国)。
也许我问错了问题,但我在寻找这样的建议:
使用SecurID或eToken为物理盒添加额外的密码层。 确保盒子在一个有物理锁或键码组合的房间里。
