PCI Compliance

    Oct 31 2014 20:30:32

    #1

    Ian S

    Join date : 2008-09-18      Posts : 154

    We're based in the UK and take credit card payments via Sagepay and PayPal.
    The SagePay transactions go through Cardnet (part of Lloyds TSB) who handle the PCI DSS compliance.
    The first time we applied for compliance the paperwork was fairly detailed, but as we don't store any card details electronically - it all passes through Mal's to Sagepay to Cardnet - this simplified the compliance route massively.
    Now each year renewal is a short telephone interview which basically asks us if anything has changed in the way we deal with card payments since the last assessment, and if all is the same we get a new certificate. All at no cost.
    The only costs with Cardnet are if you don't renew each year, whereupon there's a £25 per month 'fine'.
    We were advised that a scan of our systems is only required if the customer's card details are transmitted to us in full or are stored by us electronically (which they are not).



    Nov 02 2014 13:17:32

    #2

    Don

    Join date : 2008-09-18      Posts : 487

    Don said: Well, I went through all this with McAfee also, who were being far too pedantic in their online scans.

    However, Worldpay are using Trustwave for their PCI compliance. It looks a bit daunting, but if you proceed with Trustwave's online scan procedure, you will probably, like me, get a 100% pass. As Mal's is handling all the card details, you then need to speak to someone at Trustwave to confirm to them that is the case.

    Once they accept your info, they will probably give you a PCI compliant certificate number, wait for it, at no cost!

    DB


    Cassie75 - IanS is virtually saying what I stated in my first post above.

    DB.

    www.donbarrow.co.uk
    www.pacenotes.com
    Please either Share or Like my Facebook




    Nov 08 2014 16:07:20

    #3

    cassie75

    Join date : 2008-09-18      Posts : 273

    But we don't take payment via Sagepay or PayPal.

    We only take manual payments as we don't want to charge customers' cards until the parcel is actually sent.

    McAfee said we had to have scans of our site because we connect to Mal's and that could leave a vulnerability.

    Everyone we speak to connected with our merchant account says we have to pay the vast amounts of money to them to comply with their rules. Seems so unfair that they make the rules and get the money from those rules.

    Anyway - will try Trustwave again but they really were not any help at all.

    Do either of you have a phone number or contact name - the chap I have been in contact with at Trustwave (David Forsyth) is absolutely useless.

    Life is too short to work 8 hours a day - that's why I work 16 :-)




    Nov 28 2014 13:49:37

    #4

    cassie75

    Join date : 2008-09-18      Posts : 273

    OK - final update on this post.

    We went onto the Streamline/Worldpay website and clicked the PCI Comply Now button which took us to the Trustwave website. We used to use that to upload the certificates from McAfee so we logged on but couldn't see what to do next.

    After several phone calls to both Worldpay and Trustwave, they eventually added a button so we could do the questionnaire on there. We filled it in the same as we did on McAfee but it did not say we needed website vulnerability scans, and they were the main problem with McAfee !!

    To cut an already long story short - we appear to now be compliant but have had to pay the £30 fee to Worldpay. How Don got it free we have no idea.

    The questionnaire did flag up a couple of things we had forgotten so it was well worth doing. Just don't like having to pay for something we used to get free through Mal's :-(

    Life is too short to work 8 hours a day - that's why I work 16 :-)



