Re: PCI-DSS Compliance RE: Stone Edge, Hostasurus & Miva 5.5
The credit card companies are making the rules NOT the processors. That's like your service station telling you that you are compliant with EPA on the new exhaust they just sold you.
There seems to be some myth out there that if you just talk to someone on the phone about one piece of software you are good to go. PCI/PA-DSS refers to ALL aspects NOT just your shopping cart, i.e. server, wireless LAN, internet connection, paper storage if any, and on and on. Any area that stores, transmits or processes credit card data.
You must also have ongoing written security protocols for things like password access and regular changing of your password....
That all said, my freaking head is going to explode!
Violation of any of the above can have Visa or MasterCard at your door after the fact with hefty fines or loss of service. I have a sneaky suspicion that if you lose your merchant account because of a PCI-DSS violation, it will be difficult to get a new one somewhere else.....
As for PayQuake. They have not threatened me yet. They simply said "60 days". They have spent over an hour on the phone with a helpful attitude paralleled only by TrustWave, whom I have spent two hours speaking with. $11 a month - money damn well spent. When it is all said and done I won't be wondering if I am compliant, I'll know........
I look around and I see Authorize.net, PayQuake and TrustWave in my corner during this fight. The rest of "my people" are wandering around........
Originally posted by surveillanceguy