In credit card processing, the business model refers to the manner in which payment will be presented to your business. Any and all point-of-sale devices (POS) must adhere to PCI DSS and PA DSS where applicable. There are a few to consider:
Card Present (Face to Face)- presents the least risk, requires the cardholder to sign a receipt (reducing chargeback exposure), complete magnetic stripe information is captured and signature can be varified by clerk. Typically processed through a standalone terminal purchased by the merchant from PNC Merchant Services upon establishment of merchant account or a type of compliant processing software.
MOTO (Mail order/Telephone order)- present more risk due to card not being presented to clerk. Requires additional information to be aquired by clerk such as Name, Address, Card number (should not be written down per PCI DSS), CVV2 Code (last 3 digits on back of card). All of which must be entered into the POS.
Internet Based/Ecommerce- presents the most risk due to card fraud, chargebacks and hacking. Has the most stringent compliance requirements as all software versions must be PA-DSS compliant. This type of processing is typically done via a department website and per university procedures may not pass credit card data through the university's network. Authorize.Net is the preferred gateway for internet processing for both NKU and PNC Merchant services. It offers a SIM connection for websites that redirects the customer to Authorize.Net's outside server thus removing the risk for you as the merchant and NKU as a whole.
If you've detemined your business model and POS please proceed to the next step.
