I have decided that Hare's, Ltd. will no longer accept credit card payments.  

When I started the online store five years ago, I innocently thought that accepting credit cards would drive traffic to the site.  It has not.

In order to accept online credit card payments, Hare's, Ltd. is required to contract with both a merchant account and a payment gateway.  Each charges fees according to its own schedules.

Monthly fees were not insubstantial.  The merchant account charges a monthly minimum fee, meaning that if a dollar minimum of credit card charges was not met, then that fee would apply.  There was also a basic monthly fee, and a percent-of-sale fee.  That same company also limits credit card dollar transactions so that Hare's, Ltd. is left with a specific margin within which to accept transactions.  Each transaction was also subject to a small "holdback" charge, since the antiques business is apparently loaded with fraudulent merchants, as explained to me back then.  This holdback charge was supposed to be refunded but never was.  Hare's, Ltd. also paid an annual fee to maintain this relationship.

The other company also charged a monthly fee and a percentage-of-sale fee.  The monthly fee was increased several months ago - everything else was rapidly becoming more expensive in our economy, so this alone was not alarming.  Then the same company initiated a fixed monthly "Access" fee, which increased monthly costs to 150% of what they had been prior to this new charge.

Recently the latter company began strong-arming Hare's, Ltd. with threats: if Hare's, Ltd. does not demonstrate PCI DSS compliance, then Hare's, Ltd. must pay a "PCI DSS Compliance" fee to a third party company, increasing the current fees to nearly 175% of current fees.  This new fee, however, requires nothing of Hare's, Ltd. but payment.  No further action toward compliance is required.  The third party company is not listed as a PCI DSS Approved Scanning Vendor.

Now.  PCI DSS requirements are essential and are not anything to avoid!  These requirements evolve into ever-more secure methods of handling credit card data to protect you.  PCI DSS itself offers a PCI DSS Compliance Self-Assessment which small-volume merchants such as Hare's, Ltd. could use to see if and where compliance might not be met.  So I took the Assessment.  The only parts I was unable to answer on behalf of Hare's, Ltd. were those pertaining to merchant account and payment gateway compliance.  Hare's, Ltd. is compliant in everything else.

I emailed the merchant account and received in reply a sales spiel.  I could pay yet another third party company to offer me the same PCI DSS Compliance Self-Assessment that I had already taken from PCI DSS.  Other services, such as correction of non-compliance, could be had at additional fees.  At least the third party vendor offered here is listed as a PCI DSS Approved Scanning Vendor.  But the services are no more than I could utilise at PCI DSS itself.  The merchant account client support reply failed to address my request for proof of compliance.  I'm sure it is indeed compliant, but I lack that proof, which is needed to complete my self-assessment.

I then telephoned the payment gateway.  I explained the reason for my call and requested proof of compliance as outlined by PCI DSS requirements.  The help desk girl was flustered.  She kept insisting that "If we weren't compliant we'd be out of business".  Fine.  Just submit proof.  She began to shoot out one silly sentence after another in vain hope of sidetracking me.   The help desk disconnected the call with no resolution reached.  This could have been funny if the subject weren't so serious.

I did write to PCI DSS in hope of gaining some information that would allow Hare's, Ltd. to continue to offer credit card payment.  After all, the requirements are not strenuous.  All the requirements are and have always been met by Hare's, Ltd. with the exception of having the burden of proof of our third party credit card payment companies' compliance.  I have now decided that it just isn't worth it.  Hare's, Ltd. is far better investing its assets in good inventory than in bad, possibly non-compliant, merchant account and payment gateway services.  Therefore, other payment means will be accepted, as explained on Hare's, Ltd.'s Customer Service page.

Hare's, Ltd. is the parent corporation of Hare's Light, a gallery dealing primarily in lighting and other antiques of the early 19th century.

 
