osCommerce


Payment Card Industry (PCI) Data Security Standard


Guest


Posted

I received the following email from my credit card processing company:

 

IMPORTANT INFORMATION BULLETIN YOUR ACTION IS REQUIRED

 

Dear Valued Merchant: We would like to advise you about the stricter security requirements outlined in the Payment Card Industry (PCI) Data Security Standard.

 

If you store, process or transmit less than 1,000,000 credit card transactions per year, you must be able to demonstrate that you are in compliance. This can be done by using security self-assessments and security scans available through a PCI Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV).

 

PSiGate has partnered with Emergis as our preferred provider of PCI Compliance validation tools. Emergis is both an approved QSA and ASV and is recognized as a leading Information Technology and Security services provider in Canada.

 

For a limited time, Emergis is prepared to offer you preferred pricing for its Assure Security PCI Compliance Centre services. Visit the Emergis Assure Security PCI Compliance Centre at http://www.emergis.com/PCI/en/index.asp?WT_PSI_GATE_2006=hp today and register at http://www.emergis.com/PCI/en/sign_up.asp?...I_GATE_2006=sup for their online scanning services in 3 easy steps. Once registered, you will need to log-in and take a self-assessment questionnaire. If you need any assistance with your responses, access the online help features throughout the questionnaire for more information.

 

These packages normally start from as little as $249. Enter offer code PSiGate 2006 when you register and qualify for an immediate 40% price discount for packages offered through their PCI self-assessment portal online services.

 

This is a reminder message to ensure that you have every opportunity to take advantage of this limited time offer. So don't delay in making the effort to comply with the PCI Data Security Standards. Protect yourself against any non-compliance penalties and fines that may be assessed.

 

Obviously I process WELL under a million transactions each year (or else I would have someone else in charge of worrying about this for me)... Does anyone have information on whether this is simply a cash grab, or is it in my best interest to spend the $250 to get it done?

 

Thanks in advance for the replies.

 

~Roq

Posted

No one with thoughts, suggestions, or comments?

Posted

I'm just moving over to using Protx Direct on my site; I'm currently using the Form method.

 

Protx's site mentions a PCI check may be required at some point, but I'm a few days away from finding out. They have already activated the Direct module info in my account and it's ready to go, but they haven't contacted me about the PCI check yet... so I'm wondering too.

 

======================================

 

What is PCI?

 

 

 

The PCI standard was co-written by Visa and MasterCard International in order to establish a standard set of requirements throughout the payment card industry. It was designed to establish and enhance data security for credit card processing. The standard is also endorsed by American Express, Discover, JCB and Diners.

PCI is applicable to all/any entities that store, process or transmit cardholder data and consists of the following requirements:

 

* To build and maintain a secure network

* To protect cardholder data

* To maintain a vulnerability management program

* To implement strong access control measures

* To regularly monitor and test networks

* To maintain an Information Security Policy

 

How does PCI affect Protx merchants?

 

The PCI standard is applicable to all merchants and payment gateways that store, process or transmit cardholder data.

 

If you choose to use VSP Form or VSP Server you will not need to undergo the audit. With these systems, the collection and storage of card details is carried out by Protx and is covered by our approval under PCI.

 

If you plan to use VSP Terminal and collect the card details in order to enter them into the Terminal, it is advisable that you read through the PCI requirements to make sure that you adhere to the best practice guidelines. If you process a very small number of transactions in this way, then it is advisable for you to make sure that you destroy any cardholder data once you have entered it into VSP Terminal, so that you never store any cardholder data yourself.

 

VSP Direct merchants collect card details on their site before passing them across to Protx. If you choose to use VSP Direct you will therefore need to ensure that you are PCI compliant. The level of compliance will depend upon the number of transactions processed. The best way to become compliant quickly and easily is to ensure that you submit the card details directly to Protx and make sure that you do not store any card details yourself.

 

If you plan to use VSP Direct but you do not wish to undergo the PCI audit, then you should use VSP Server instead.

 

Protx uses a company called One Sec to carry out our external audits and we have negotiated a special discount for any Protx merchant who wishes to use One Sec for their audit.

 

For further information on PCI and to find out whether you are required to undergo an audit, please click here: http://www.one-sec.com/compliance/protx.htm.

 

For further information on PCI and to find out whether or not your business needs to undergo a PCI audit please click here.

 

===================================

  • 2 weeks later...
Posted

If anyone else is interested in this... here is what I found out:

 

From PSiGate Sales Rep:

PCI is a joint venture between the cc companies for creating the security standards. It is currently not mandatory but the industry is moving towards making everyone certified. Currently this was an offer to those that are interested in participating at a 40% savings before it becomes mandatory.

 

My response:

When is the industry going to be making this mandatory? Next 6 months, year, 5 years?

 

From PSiGate Sales Rep:

It is up to the Acquirer, but the pressure to have this done this year is on by Visa/MC.

 

My verdict... It may or may not happen. This may have been a simple cash grab by PSiGate. I hope someone else finds this information useful.

 

~Roq

Archived

This topic is now archived and is closed to further replies.
