Colleen,
Not sure if you are still watching this thread or not, and I don't mean to add to your questions, but another thing you need to take into consideration as a merchant, online or otherwise (well, if you're in the US), is compliance with PCI DSS requirements.
PCI DSS stands for Payment Card Industry Data Security Standards. It defines standards that anyone who deals with credit card data needs to adhere to. These standards have been in place for years, but for the most part the card associations (Visa, Mastercard, Discover, Amex) have been focusing on the huge merchants like Amazon, Walmart, etc. to ensure they are compliant. If they have a breach in security there is a much larger potential for credit cards to be compromised. Unfortunately the card associations have set a deadline of October 1, 2008 as the date that everyone else will not be expected to be compliant. This means merchant banks will most likely start cracking down on their merchants to ensure compliance.
The easiest way to work towards compliance is to not store credit card data at all, because this significantly reduces the number of requirements you have to meet as a merchant. Also, using payment services like Google Checkout (checkout.google.com), PayPal (www.paypal.com), etc. will also go a long way towards making it easier for you to meet the requirements.
If you would like more information about PCI, you can check out the PCI Security Council's website at PCI Security Standards Council. This site provides very good information as to what the actual standards are and how merchants can work towards meeting them.
This post was not intended to scare you but I thought you might want to read up on PCI. I would hate to see you get your business started and have issues down the road.
Bob