
Overreact much?

Most people that will be taking credit cards directly via a form like this will have a merchant account and be authorized to use the credit card logos. If they are using a service like PayPal they are mostly redirecting to their service provider's site for processing, not taking the card info directly.

The usage of the network logos is not as strict as you are implying here; even if you use PayPal you can use the Network logos. https://www.paypal.com/us/webapps/mpp/logo-center

There are many approved banners and logos that make use of the card network logos.

I have never had a payment processing agreement where I was barred from using the Network Logos, nor would I sign up for such a service. In the off chance I am wrong, please back up your claims with citations to actual laws or statements to support your claim.




> Most people that will be taking credit cards directly via a form like this will have merchant account and be authorized to use the credit card logos.

Using logos in combination with a credit card capture form comes with a different set of rules (and a different contract!) than just being allowed to use some third party processor that does all the work for you.

If you want to capture the cards yourself instead of outsourcing the job to an IPSP then you're going to have to be at a minimum PCI compliant. This goes for any company that stores, processes or transmits credit card information. The tipping point is somewhere around a million $ US per year. Below that the cost of being in compliance outweighs the fees the IPSP charges for their service handily.

The word 'credit' in credit cards stands for 'trust'.

https://www.google.com/search?client=ubuntu&channel=fs&q=ori...

People trust those companies and by extension trust those logos. That's why when you use them you will be held to the rules so strictly because credit card companies do not like it when their logos are used to give an aura of trust to an otherwise non-trustworthy situation. Just the PDF about what you can and can not do visually with the logo runs to lots of pages.

Yes, there are plenty of ways in which using those logos is absolutely ok, and where using this form is (probably) just fine.

Everybody that is PCI DSS compliant can likely use it without any problem. Yes, there are also plenty of ways in which using this form is strictly against the terms of service, typically this includes everybody who is not PCI certified, which is almost every two bit merchant on the web that outsources their payment processing and credit card capture to some third party.

So, if you use a 3rd party solution that serves up the payment form and that handles the card capture and subsequent processing for you and you have a contract with them rather than with the card company you can use the logos and nobody will care, mostly because you can't do much harm (such as your paypal example).

But if you are in a situation where you have a merchant account but you are not the merchant of record (this means you are a sub-merchant, such as when using any one of a number of IPSPs) then using this form is most likely not a good idea.

As for me backing up my claims, I'm not going to attach a copy of my merchant agreement to a comment on the web, you are totally free to disregard what I wrote. This advice is worth exactly what you paid for, and everybody that has a merchant account but is not the merchant of record (aka a 'sub-merchant' in payment processing lingo) is totally free to inspect their own personal copy and for everybody else this does not matter at all.

Further reading on the subject:

https://www.pcicomplianceguide.org/pci-faqs-2/

A list with a sample of payment facilitators (if you use one of these you are quite possibly not the merchant of record):

http://www.mastercard.us/merchants/accept-mastercard/payment...

Note that this is not an exhaustive list by a long shot.

The Mastercard FAQ, which has a nice little blurb about who is and who is not a merchant of record:

http://www.mastercard.us/merchants/assistance/faq.html

Also of interest:

http://www.mastercardbrandcenter.com/us/images/acceptance_ma...

Less interesting (branding, not acceptance marks):

https://www.mastercardbrandcenter.com/us/getourbrand/index.s...

Oh, and an afterthought: there is yet another important logo, the VBV one, you can only use this if you're actually part of the program.


I am fully aware of PCI. I used to develop billing systems, Utility Billing Systems to be exact, a heavily regulated industry that has even more rules than normal ecommerce. Further, anyone that collects credit card data must be PCI Compliant, period. There are 4 Levels of PCI Compliance, and what you're doing with the credit card data and how many transactions you process determine where you fall; many small merchants are only Level 4.

Edit:

I just looked at your list of "Payment Facilitators". If you use one of those processors YOU DO NOT HAVE A MERCHANT ACCOUNT. I think that is where the communication breakdown is happening. A merchant account is a specific thing; using 2Checkout, or Stripe (which is the service this seems targeted at), does not mean you have a "merchant account". None of these services claim to give you a merchant account.

Further I can find thing to support your claim that using this form with Stripe or another "Payment Facilitator" would be in violation of any agreements. However, when I replied I was not talking about people that use these "Payment Facilitators". A person with a merchant account, a person that uses a full gateway like Authorize.net, which a huge number of merchants do, should not be at all concerned with using this form.

None of the links you posted have supported your claim, nor can I find any supporting documentation to back your claims. You do not need to post your mythical very restrictive merchant agreement; you should just post the text that you're talking about. Or find me any company, most of which have their standard agreements and terms online, that says anything about this. I have looked at most of the major payment gateways, 3rd party processors, and various other people, plus I have contacted some people I know that still work in development of payment systems (I have been out of that game for about 5 years now), and none of them have any clue what you're talking about.


Well, some people that I contacted verify my story and I worked on payment systems as recently as 6 months ago. But what statements like that do to bolster a position is not clear to me.

I'm not sure what you're trying to achieve here, some kind of anecdotal proof that I'm wrong?

You're completely missing the point of the sub-merchant situation, one where you have a contract with both the card companies (one for VISA, one for MC etc) and a contract with an IPSP. This is the situation I'm talking about and it is one that is quite common for mid-sized merchants, just a bit too large for the various parties listed in those links and too small to be dealing with the overhead of becoming PCI compliant.

Whether you and your friends are aware of that or not is frankly immaterial, I happen to be in that precise situation so I think I know what I'm talking about, whether you believe me or not is your problem.

I'm under no obligation to post any text here whatsoever, this is an internet forum, not some kind of court proceedings and the claim I'm making is not so outrageous that it requires extraordinary proof to satisfy you.


No, you are not under any obligation to post anything; however, when posting something you claim to be a violation of law or policy, it is customary to support that claim with citations to where you have gained this knowledge. To date you have not posted any citation to support your claim in a verifiable manner. You have posted no terms, no laws, given no citations of any regulations or policies that are open to public review. My own investigations have found nothing in any written documentation to support your claims. I believe you are wrong, and have asked you to provide a citation to back your claims, which to date you have not.

If this was an official position of either Visa, MC, or an "IPSP" you would be able to post a link to their official terms that spell out that position; since you can not, your comment should be ignored.

As to PCI Compliance, I will say again, ALL PERSONS TAKING CREDIT CARDS MUST BE PCI COMPLIANT. Small, medium, large, it does not matter; if you accept credit cards at all you must be PCI Compliant. Level 4 Compliance is a joke, and even the smallest of small businesses can become Level 4 Compliant...

Level 1, which is what a Walmart would be, is hard to get and most online merchants do not even attempt to get that.



