#116
04-03-2012, 09:27 AM

sjb
Advanced Member
Join Date: Apr 2007
Location: Wiltshire
Posts: 44

Re: Upcoming X-Cart v 4.4.6 & PCI-DSS requirements

Hi All,

I have read this thread with great interest and having read it, I am very glad we made the decision several years ago (right at the inception of PCI in the UK) to move customer payments away from our website to our 3rd party Payment Processor (who naturally have the highest level of PCI compliance). By so doing, and following one or two other simple procedures, we became PCI compliant over night.

From talking to our acquiring bank (we work with one of the UK's “big 4” banks) we were their first customer to become PCI compliant in the UK. We were also their first to renew compliance last year.

I can only speak for the UK but our bank does enforce PCI compliance and started doing so 12 months or so ago. They are one of the big 4 UK banks so I guess the others will follow suit, if they are not already.

I only mention all this because we are a very small company but because we were “first up” with our bank, we had some input to our bank's processes and also some very good feedback from them. They also put us in touch with some senior bods at MasterCard who were heading up aspects of PCI, as we had many questions that no-one else was yet asking in the UK at the time. In turn we were put in contact with a top PCI consultant from the US (consulting to major brands). His advice is the reason I am posting on this thread and it went along the lines of “unless you are a major business, perhaps along the lines of a famous retailer named after renowned female warriors, you should not be considering hosting payment pages on your store”.

I appreciate this is quite stark advice and many will disagree. However, his reasoning for this advice was that he foresaw years of increasingly onerous legislation and compliance, getting stricter each year. He also foresaw increasingly draconian penalties. He felt that the goal posts would move many times and that store owners would be placed in an increasingly difficult and exposed position. Perhaps I am wrong but it seems to me that his predictions are starting to be borne out.

We made the move immediately after speaking to him and have rested easy ever since. It was not too costly and was reasonably simple to achieve.

To those on this forum who bemoan the 3rd party solution as somehow being detrimental to sales conversions because customers do not like it, or get confused, all I can say is that our experience has been the absolute opposite. Our basket-to-order conversion rate (which we do measure) has increased significantly year-on-year since we made the change. It does of course depend how you implement the changes, how you explain it in your site and how you manage the redirection to the payment processor. But our experience has only been positive. We are a business-to-business site and perhaps for more retail-orientated sites, where customers may be less well informed, the experience will be different, I do not know.

I just wanted to share our experience as a counter-point to some of the posts on here, to give an alternative view that will maybe help some storeowners make the right decision, one way or the other. To host or not to host, that is the question. . . . .
__________________
SJ

B2B Site Owner
X-cart Gold 4.3.1