Posts Tagged ‘SSL’

Do I need an SSL certificate for my law firm to accept credit cards on my web site using CenPOS?

Tuesday, April 3rd, 2012


I can’t imagine a law firm not getting one. Do you have an online contact form? As a legal practice, wouldn’t you want to go the extra step to secure any communication sent to you via that contact form? The SSL certificate has multiple uses for your web site domain including accepting payments, securing surveys and securing communications.
To accept payments on your web site with CenPOS, most, if not all, law firms prefer to embed the payment object in their own web page so the client never leaves the site. This is achieved with an iframe, a single line of HTML that you place on your web page. Although the CenPOS object is secured, if you do not have an SSL certificate, the little lock will not appear at the bottom of the web page, leaving your client to wonder about security. You could also create a pop-up box, which would display a CenPOS URL with the secure lock.
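The situation described above can be checked before a page goes live. The following is an added example, not CenPOS code: it lists each iframe on a page and reports whether the host page and the frame are both served over HTTPS. The host names `lawfirm.example` and `payments.example` are constructed placeholders, not real CenPOS URLs.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class IframeCollector(HTMLParser):
    """Collect the src attribute of every <iframe> in a page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def audit_payment_frames(page_url, html):
    """Return (frame_url, verdict) for each iframe embedded in the page."""
    collector = IframeCollector()
    collector.feed(html)
    page_secure = urlparse(page_url).scheme == "https"
    results = []
    for src in collector.sources:
        frame_url = urljoin(page_url, src)  # resolves relative and // URLs
        frame_secure = urlparse(frame_url).scheme == "https"
        if page_secure and frame_secure:
            verdict = "ok: page and frame both HTTPS, browser shows the lock"
        elif frame_secure:
            verdict = "no-lock: frame is HTTPS but host page is HTTP"
        elif page_secure:
            verdict = "mixed-content: HTTP frame on HTTPS page, browsers block it"
        else:
            verdict = "insecure: neither page nor frame uses HTTPS"
        results.append((frame_url, verdict))
    return results


# Constructed sample page; payments.example is a placeholder, not a CenPOS URL.
SAMPLE_HTML = '<h1>Pay your invoice</h1><iframe src="https://payments.example/form"></iframe>'

if __name__ == "__main__":
    for url in ("http://lawfirm.example/pay", "https://lawfirm.example/pay"):
        for frame, verdict in audit_payment_frames(url, SAMPLE_HTML):
            print(url, "->", frame, ":", verdict)
```

The "no-lock" verdict is the case the post describes: the frame is encrypted, but the host page is not, so the HTML that names the frame's address travels unprotected.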


See also Which SSL certificate should I choose?

VoIP for credit card processing voids PCI Compliance

Sunday, December 21st, 2008

If you plug a PCI Compliant credit card processing terminal into a VoIP connection, then your processing is no longer compliant.

This explanation attempts to detail why. Traditional phone = analog. Traditional lines use hardware, i.e. the copper line, to send data. When using a 2008 compliant credit card terminal, the desktop terminal sends encrypted credit card data from the merchant to the processor and back using analog signals.

VoIP = digital. VoIP traffic flows across the Internet in unencrypted packets, which means anyone who has access to the network between sender and recipient can intercept them. So the desktop terminal may be compliant, but once the data is on the open network, the merchant setup is no longer PCI Compliant. Even though there are optional packages that can be attached to some VoIP networks, they do not meet current PCI compliance standards for the credit card processing industry.

If you attach a magnetic card swipe to your computer, the transaction is processed using SSL security. It is not the same as VoIP. SSL uses a cryptographic system. It has two keys to encrypt data: a public key known to everyone, and a private key known only to the recipient. The magnetic card reader can be used with many POS systems and a high speed DSL, cable modem or T1 line.

Internet, ecommerce, and virtual terminal transactions all use SSL.

There are important considerations to check for both mag card readers and ecommerce transactions. Each requires a Gateway. The Gateway enables secure, real-time payment processing of credit card transactions. It is not the same as a credit card processor. Most people don’t realize that gateways and ecommerce stores must pass specific information through to the credit card processor to get better rates. Most systems focus on fraud protection, but do not necessarily pass through critical data required to meet specific interchange requirements. Sometimes the store doesn’t pass the data, and sometimes the gateway doesn’t pass the data; it all depends on company capabilities.

I’m not a tech expert, but in general, the description above is sufficiently accurate to explain why. Bottom line: Visa & MasterCard officially state there is no acceptable VoIP solution that meets PCI Compliance requirements.