Easy PCI Compliance

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Easy PCI Compliance

    In March I switched merchant accounts from Wells Fargo to Fattmerchant because WF announced a 50% authorization fee increase. The fees at Fatt are about 20% lower than WF even before the increase, resulting in savings of several hundred $ per month. My total monthly credit card processing fees are now averaging 2.8%-2.9%.

    The downside of switching is that I had to complete a new PCI Self-Assessment Questionnaire. We all know what those are like: endless arcane questions that only an IT wizard like David Hubbard could answer. Much to my happy surprise, Fattmerchant took the info over the phone in a call that lasted less than 10 minutes. I wish Fattmerchant would change their name but otherwise, I am a very happy customer.



    Merchant service provider. Offering flat-rate, month-to-month, and no strings attached transparent credit card processing. Direct Cost + 0% Ultra Low Fees.
    Bill Dunn
    SunCam, Inc.
    http://www.SunCam.com
    [email protected]

    #2
    Bill,

    It's worth noting unless they're using an iFramed gateway (and we don't support anything by them natively) that you're likely not PCI compliant and they're simply telling you to do an SAQ-A since they know enforcement by Visa, etc... is lax unless you're a mega-merchant.

    In other words don't assume you're PCI compliant from what you've described above.
    Thanks,

    Rick Wilson
    CEO
    Miva, Inc.
    [email protected]
    https://www.miva.com



      #3
      Originally posted by Rick Wilson
      Bill,

      It's worth noting unless they're using an iFramed gateway (and we don't support anything by them natively) that you're likely not PCI compliant and they're simply telling you to do an SAQ-A since they know enforcement by Visa, etc... is lax unless you're a mega-merchant.

      In other words don't assume you're PCI compliant from what you've described above.
      Looks like they might use Authorize.net as the gateway?
      Leslie Kirk
      Miva Certified Developer
      Miva Merchant Specialist since 1997
      Previously of Webs Your Way
      (aka Leslie Nord leslienord)

      Email me: [email protected]
      www.lesliekirk.com

      Follow me: Twitter | Facebook | FourSquare | Pinterest | Flickr



        #4
        Good chance that's the most commonly used Gateway we see. Using our native Auth.net module would not qualify you for a PCI SAQ-A unless you're also using MivaPay on top of it.
        Thanks,

        Rick Wilson
        CEO
        Miva, Inc.
        [email protected]
        https://www.miva.com



          #5
          They do use Authorize.net and they do have IFramed available. We are not using it yet but we are working on implementing it because that will result in even more savings.

          Rick, I'll admit that it seems too good to be true. Would appreciate a full explanation of the downside.
          Bill Dunn
          SunCam, Inc.
          http://www.SunCam.com
          [email protected]



            #6
            Bill,

            My point isn't about their rates, it's the idea that what they're offering has any impact at all on your PCI Compliance.

            A merchant processor using a third party gateway like Auth.net has no ability to verify your PCI Compliance and to the extent they're using that as a sales pitch (especially with you using our native Auth.net module), then they're demonstrably "full of it" if that's what hooked you. They're in essence doing the opposite of what First Data was notorious for doing. First Data was notorious (through its sales agents) for forcing on people a crappy PCI scan they could never pass and then "fining" them for it. This is essentially the other side of that poor sales practice, implying you're covered without any diligence and getting you hooked on their low rates.

            If you were to be hacked right now, you'd be found to be non-compliant and that you'd used the wrong SAQ when you filled out the questionnaire and ultimately liable for any penalties and they would likely have little or no liability in the process was my point.
            Thanks,

            Rick Wilson
            CEO
            Miva, Inc.
            [email protected]
            https://www.miva.com



              #7
              Easy PCI compliance was never a part of their sales pitch, it was all about the rates.

              Bill Dunn
              SunCam, Inc.
              http://www.SunCam.com
              [email protected]



                #8
                Bill,

                I'm confused then, you titled this Post Easy PCI Compliance? Why?
                Thanks,

                Rick Wilson
                CEO
                Miva, Inc.
                [email protected]
                https://www.miva.com



                  #9
                  The easy PCI SAQ was a pleasant and unexpected surprise that came a month after I signed up.
                  Bill Dunn
                  SunCam, Inc.
                  http://www.SunCam.com
                  [email protected]



                    #10
                    I think that's the disconnect here (and you wrote this very much like a promotion). I can say with certainty that you're not actually Compliant based on what you've described and I'm worried others will read this and follow your lead.
                    Thanks,

                    Rick Wilson
                    CEO
                    Miva, Inc.
                    [email protected]
                    https://www.miva.com



                      #11
                      It was a testimonial, not a promotion. I don't have a financial interest in the company and no one paid me to write the post. I think you have admonished me sufficiently that no one will be tempted to follow my lead.
                      Bill Dunn
                      SunCam, Inc.
                      http://www.SunCam.com
                      [email protected]



                        #12
                        Bill,

                        I was not trying to admonish you at all, I was legitimately confused. I saw a post about Easy PCI Compliance and then a testimonial for a merchant provider. If an unknown poster had posted that, I would have assumed it was spam, but since it was you and I know you from the Forums, I decided to ask and explain.

                        Good deal on the rates though.
                        Thanks,

                        Rick Wilson
                        CEO
                        Miva, Inc.
                        [email protected]
                        https://www.miva.com
