Friday, October 11, 2013

PayPal as a Merchant Account Vendor: PCI Compliance & Chargebacks

I received an email from PayPal, who we use as a merchant account vendor, about how to avoid chargebacks. It's a pretty good resource. I've excerpted a bit below.

In contrast, they've never contacted me about PCI compliance, which I think is amazing. I've always believed that PCI compliance is required for everyone who takes credit cards. I would count as a tier 3 vendor since I don't store any credit cards and my only obligation to be PCI compliant is to:
- ensure my merchant account is PCI compliant
- have my site checked by an authorized reviewer annually that it is clean and strong so that when we pass the credit card numbers, there's no problem.

But I think they, as my merchant account vendor, are obliged to make sure that I am aware of these issues and in compliance.

A chargeback, also known as a reversal, is when a buyer asks their credit card issuer to reverse a transaction after it has been completed. It is available only to users who make a payment funded by their credit or debit card.
There are three main reasons a buyer will do this:
  1. The purchased item never arrived.
  2. The item was significantly different than advertised.
  3. Their credit card was used without their permission to purchase the item fraudulently.
Chargebacks are initiated and handled by the buyer's credit card issuer - not by PayPal - and therefore will follow that company's regulations and timeframes. That said, PayPal often plays a role in resolving chargeback disputes.