Selecting a proper Service Provider to partner with in offering online transactions is a very important step for any organization. Often times, the rush or need to provide a solution prompts organizations to make hasty decisions they may later regret or need to change. Before getting into the details of how to select a service provider, it is important to understand what a service provider truly is and what they do.
What is a service provider?
Visa and the other card brands define a service provider as “organizations that process, store, or transmit Visa cardholder account or transaction information on behalf of Visa clients, merchants, or other service providers.” This means that any organization that takes part in making transactions process for you is likely a service provider. This could be the gateway that an organization uses, or in some cases, the company providing the form that customer or donor information is typed in to.
Now that a better definition of a service provider has been established, it is easier to determine which service provider you currently work with or may want to work with in the future. If you ever have questions about whether a company would be a good service provider for you, feel free to reach out to our support team and we can help determine this with you. Once you have a list of potential providers, there are a few important items to consider.
Are they secure?
Just as any organization accepting card transactions is required to validate PCI Compliance, so are Service Providers. In fact, as a merchant, one of your PCI requirements in Requirement 12 is to practice due diligence in selecting your service providers and ensure annually that they are fulfilling their PCI Compliance requirements.
You can visit Visa’s Global Registry of Service Providers to see a list of all “Level 1 Service Providers” which is classified as a service provider that processes, stores or transmits over 300,000 transactions of an individual card brand each year. You can enter search criteria here to see if the provider you are considering are PCI Compliant and registered with Visa, though it is not always required for service providers to do so. For this reason, be sure you ask your service provider for this information as well. They may just have it on file at their office and provide it upon request.
It is important to be very clear on the definition of a service provider. Visa defines this as any organization that stores, processes or transmits card data.
The last point, regarding transmission of card data, is the one that usually catches an organization and/or their service provider off guard. If a service provider has built a form to accept card data and integrate it with a gateway, it is possible that they are considered a service provider.
Each situation and company will be unique, so it is important to ask the right questions to determine if the card data is entered into their form or directly at the gateway. If it is entered directly into the form, you will want to understand the integration method because it is very likely that their integration passes the card number to the gateway so that the gateway can handle processing and storage. If this is the case, they are still a service provider because of their role in transmitting card data to the gateway.
Depending on the size of your organization, you may have other complex systems that you use. These can range from programs that track inventory or sales, to an accounting or donor management system. If your organization has programs such as these and it is critical you streamline the process between one and the other, it is important to look for service providers that can help you simplify this process through an integration.
Ask your service providers how they may be able to help create these integrations for you through custom work, or see if they already have integrations available that will work for you.
At the end of the day, service providers can be a confusing topic when speaking about payments. But one thing is always clear: choosing the right service provider the first time is always worth the extra effort.