Re:PCI Compliance

    Oct 31 2014 20:30:32

    #1

    Ian S

    Join date : 2008-09-18      Posts : 154

    We're based in the UK and take credit card payments via Sagepay and PayPal.
    The SagePay transactions go through Cardnet (part of Lloyds TSB) who handle the PCI DSS compliance.
    The first time we applied for compliance the paperwork was fairly detailed, but as we don't store any card details electronically - it all passes through Mals to Sagepay to Cardnet, this simplified the compliance route massively.
    Now each year renewal is a short telephone interview which basically asks us if anything has changed in the way we deal with card payments since the last assessment, and if all is the same we get a new certificate. All at no cost.
    The only costs with Cardnet are if you don't renew each year, whereupon there’s a £25 per month 'fine'.
    We were advised that a scan of our systems is only required if the customer's card details are transmitted to us in full or are stored by us electronically (which they are not).