Reference #: KB 00015
Last Revised: 03.20.12
This article applies to existing users of StudioPlus 2011 (or prior) that currently process credit cards with Merchant Warehouse and that are upgrading to StudioPlus Spectra 2012.
Spectra 2012 offers great new tools designed to simplify the PCI compliance burden that all studios face. To accomplish this, Spectra will no longer touch a credit card number and will no longer store a credit card number in its database. Doing so removes Spectra from the PCI compliance scope. In addition, because you are no longer storing credit card numbers within your network, the PCI compliance assessment you must complete each year becomes much simpler.
So, how can Spectra process credit cards if it never touches the card number, and how can you process payment plans if the card number is never stored in the Spectra database? When you need to process a card, Spectra will open a special window provided by Merchant Warehouse. You will then swipe the card or manually key it in. That window will then communicate direct with the Merchant Warehouse secure server, process the credit card, and then pass a unique token back to Spectra. The card is stored on the Merchant Warehouse secure server and NOT in StudioPlus Spectra or anywhere on your system. With that unique token, Spectra will still be able to process repeat transactions, pending payments, and payment plans.
To take advantage of these new features, you must be processing credit cards through Merchant Warehouse. Second, you must turn on the new credit card processing feature in Spectra. Third, you must purge your existing database of all previous credit cards you have processed.
Now that you have completed the setup, let’s discuss how these changes will affect your day-to-day processing. When creating a payment record in Spectra and after selecting a credit card payment method from the Payment Methods list, you will be presented with two additional buttons – Get Swiped Card and Get Keyed Card.
Click Get Swiped Card if your client is with you and you have the ability to swipe their credit card. When clicked, you will be presented with a window provided by Merchant Warehouse. In that window you can proceed to swipe the card using either a standard non-encrypted reader like the ones you may already own or a new encrypted card reader. Encrypted readers will encrypt the sensitive card details immediately in the reader hardware before the data ever reaches the computer, providing an additional level of security for your business. To order new encrypted credit card readers, contact Merchant Warehouse.
Click Get Keyed Card if your client is not with you and you are taking the card details over the phone. When clicked, you will be presented with a window provided by Merchant Warehouse. In that window you can proceed to manually enter the card details and then click Submit.
After swiping or keying the card, you will be presented with a message box telling you if the transaction was approved or declined. If the transaction was approved, the payment record in Spectra will be saved automatically to prevent you from exiting without saving the record.
When processing a refund, Merchant Warehouse and Spectra will require you to select the payment record to be refunded. You can refund any amount up to the amount of the original payment. If you have multiple payments to refund, you’ll need to create a separate refund for each payment.
Because Spectra has now been removed from PCI compliance scope and because you are no longer storing credit card numbers anywhere on your network, the process to become PCI compliant has become much simpler.
The PCI Data Security Standards (PCI DSS), established by Visa, MasterCard, Discover, and AMEX, were designed to help businesses ensure that payment card information is handled safely and securely. PCI compliance is mandatory for all merchants accepting payment cards and compliance could save your business thousands of dollars, or more, in fines and fees due to a data breach.
In order to help their merchants become compliant, Merchant Warehouse has entered into an agreement with ControlScan, one of the top data security firms in the country. Merchant Warehouse will charge you a fee to cover their cost of working with ControlScan to take the necessary assessments in order for you to become PCI compliant. ControlScan will walk you through the process and make sure you take the proper actions. The first step in this process is to enroll at www.merchantwarehouse.com/enroll which we encourage you to do as soon as possible. If you are already enrolled with ControlScan, no further action is needed at the moment. ControlScan will contact you when it is time to re-enroll. The terms and conditions governing ControlScan’s work are provided to you by ControlScan; Merchant Warehouse does not represent or warrant the completeness or accuracy of the services provided by this vendor. This fee is being assessed in accordance with section 18.5 of the current governing Merchant Warehouse agreement; the services provided by ControlScan are included with this Administrative Service Fee.
For more information about the PCI Security Standards Council please visit www.pcisecuritystandards.org.
So what does this all mean to you? It means that when you have marked the option in Spectra to not store credit card numbers in StudioPlus Spectra for PCI compliance, your process (called the Self-Assessment Questionnaire) will be MUCH shorter. The following is a specific question to watch for when completing the assessment:
If you have specific questions regarding the assessment process, contact ControlScan at 800-438-0240.