HostedPCI was approached by a merchant who worked with different charities in order to submit their payments to multiple payment processors. This merchant requires the ability to collect and store the credit card data from different charities in a secure manner. The charities collect credit card numbers from their different donors and store them locally until our merchant is able to collect them for processing. HostedPCI’s newest feature ‘Inbound Message Transfer’ was developed specifically for merchants who need the ability to retrieve credit card data from an SFTP location without needing to compromise their PCI scope.
This Merchant required the ability to collect and store credit cards securely from their booking page until required for payment. The transaction process starts with the first 2 requests being sent to the airline company to determine if tickets were available and then the 3rd transaction needs to be sent securely with the credit card number to the airline. The first 2 transactions provide a booking number which is then sent along with the credit card in the payment request over to the airline for processing. Once the booking request has been completed the travel company then needs the ability to charge the same card for 2 additional payments 1 payment to the insurance company and the last transaction was sent to the payment gateway to process the surcharge.
This municipal merchant required the ability to accept credit cards from their clients in a PCI compliant way to reduce their PCI scope as much as possible. The biggest trouble was to collect the customer’s card over the phone while being able to provide guidance to their clients regarding the transaction process and also collect the card during off-hours with an unassisted IVR. While this Merchant also collects credit cards online a large number of their clients typically call in for convenience and comfortability. Once the credit card is collected the Merchant needs to process not only the bill fees but also a standard service fee.