Re: Cybersource PCI DSS compliant

This a question that all of us will be dealing with in due time. I look forward to one of the big guys reply on this.

Re: Cybersource PCI DSS compliant

I replied to Brad directly via his ticket but the basic summary is wait for Miva to have Merchant 5.5 compliant with PA DSS since that's going to be a requirement before anything else can be accomplished, then we'll look at whether our free pci scan deal with McAfee is applicable to the new requirements or if going with TrustWave or another scanning company will end up being necessary.

Re: Cybersource PCI DSS compliant

Thank you David.... This whole process of the basic "Unknown" is quite nerve racking. It's nice to know Miva, David and others in this community are going to make this all work for us all.

Re: Cybersource PCI DSS compliant

here is Davids GREAT answer. He has all his facts I have to say Hostasaurus has been only A+++ support for me 100% of the time

______

Hi Brad, it's unfortunately kind of a mess right now what is going on with all the changes and it makes it difficult to advise you on how to proceed. Basically here's a quick summary of what all is going on:

1) Visa/MC has decided to implement new security requirements on merchants as of July 1st. This is the PCI DSS stuff.

2) Merchant account providers are the ones charged with enforcing Visa's requirements.

3) Merchant account providers are looking at this as a revenue opportunity and could care less about security because they know that a large percentage of their merchant account customers will probably not be able to pass the new PCI DSS requirements immediately or possibly even in the long term future.

Instead of actually enforcing Visa's requirements and just terminating merchants who are not compliant, since they don't want to lose that merchant's revenue, they're going to impose a bogus fee and threaten that they may terminate your account for not being compliant, which of course they will never actually do when they can just charge you a fee for not being compliant while also appeasing Visa.

4) For Merchants who do want to be compliant and may be able to pass the tests, they've gone a step further and are going to re-sell Trustwave's scanning service so they make money even if you are compliant.

5) Miva Merchant 5.5 is not yet able to pass the upcoming July 2010 PA-DSS requirements but it is very close to being able to and will be able to pass prior to the deadline.

6) We do not yet know if our affiliate agreement with McAfee will allow our current free PCI scanning offering through them to cover merchant's who must comply with the new requirements since those are more indepth.



So what all the above means to you at this point in time is that most likely the best thing to do at this point is to wait until Merchant is able to pass the new tests since paying for scanning before then won't do anything and the new fee won't go into effect until the deadline anyway. Next, once Merchant's updates do get it to where it needs to be to pass the new tests, contact us and we'll tell you if McAfee will still work as a scanning company for these tests for free; if yes, then we'll tell you how to proceed with getting a free compliance scan from them which you can take back to cybersource to avoid the fee. If no, then you'll need to sign up with Cybersource's Trustwave option to have them do the scans instead so you can avoid the larger fee by paying the smaller scanning fee for scanning.
David

Re: Cybersource PCI DSS compliant

The McAfee scan should be acceptable to Cybersouce, as they're an ASV according to the PCI Security Council.

However should is the operative word as we've seen many other merchant account companies refuse to accept anyone other than their "vendor" of choice.