Tuesday, April 24, 2012

Merchant Account Disaster Protection


I’m trying to figure out what the contractual issues are in terms of us switching from our current merchant account credit card vendor. My reason is both planning for disaster recovery and a way to switch vendors if the costs don't get under control.

 Is there a standard structure and terms and methods for this?  This post is a continuation of my discussion of it last month.  

For instance, is our ISO obliged to help us move our customer credit card records to another place if we ask?  Are our credit card customer records kept at his site considered our data?  What happens if he goes out of business?  Since we work with an ISO, I’m trying to figure out what the contractual relationships really are. Since we set this up eight years ago, the contracts are now a little hard to find and probably dated. Aren’t they supposed to be renewed periodically?

The only annual review is from the bank which asks us some basic financial info as it raises the amount of credit card billing that we can do.

There was a valuable comment on the last post that I'll repeat here:
Jestep said: 

Use a 3rd party gateway and storage vault, which will segment your data from your processor. It may be difficult to find, but there's a variety of gateways that can use most processor front-ends.

Realistically, even a small ISO, has multiple levels of failure prevention. Their processor (Global, FDR, Chase, etc...) and acquiring bank are virtually insolvent-proof so disruption of service would be extremely unlikely. With that being said, good luck getting anything out those organizations no matter the circumstances.

No comments: