Compliance with the Payment Card Industry Data Security Standard

    Jul 06 2009 14:33:13

    #1

    Julie Britton

    Join date : 2008-09-18      Posts : 12

    I'm getting BIG emails from HSBC and someone called Security Metrics telling me to:
    ' Please note, if you process, store or transmit your transactions using a third party service provider, you will need to ensure they are compliant with PCI DSS before you can complete your own compliance.

    If you are not compliant with PCI DSS, your risk of a data breach and associated card schemes fines and costs is significantly increased.

    Mandated Compliance Programme for card transactions taken over the Internet
    Card schemes deadline 1st October 2009. '

    I've looked everywhere on Mal's but can see no mention of this.

    Does anyone know what's going on?

    Kind regards
    Jules
    www.luxtenebrae.com



    Jul 06 2009 15:51:31

    #2

    GT

    Join date : 2008-09-18      Posts : 3207

    Having trouble with a form or need one building?
    Fast turnaround, but I do charge :)

    Mal's Forms / Scripts and the syntax are here.




    Jul 06 2009 17:00:54

    #3

    Julie Britton

    Join date : 2008-09-18      Posts : 12

    Ok, I can see that there's a lot of Mal's customers all in the same boat as me. I can see that we're asking if Mal's premium is PCI compliant.
    But I haven't found the answer.

    The last time there was a big UK mandate like this, Mal sent us an email to say that Mal's ecommerce was compliant with whatever it was. How come we're all on our own this time?

    Is Mal not speaking to us? Have we done something wrong?


    Is Mal's ecommerce premium PCI Compliant?

    Jules

    P.S. Looks like Security Metrics are making a killing out of us.



    Aug 13 2009 17:01:20

    #4

    Alan

    Join date : 2008-09-18      Posts : 2951

    We received documents from HSBC, our bank, saying we were a level 4 merchant. After a call to Security Metrics I concluded that we can complete the AOC-SAQ-A questionnaire.

    The questionnaire can be accessed from https://www.pcisecuritystandards.org/saq/index.shtml by clicking on AOC SAQ A (https://www.pcisecuritystandards.org/saq/docs/aoc_saq_a.doc).

    This is on the basis that we have a gateway, Sagepay, that is on the approved compliant list, and we don't enter any credit card details ourselves or hold any.

    Doesn't seem to be a charge to complete the questionnaire - or Security Metrics could assist for 11.99.

    I'll add a post when it's all done and we know HSBC's response! It wasn't obvious that Mal is relevant in our context.

    Alan
    Some shipping help documents are available at www.stoner.org.uk/mals/




    Aug 13 2009 19:13:48

    #5

    Don

    Join date : 2008-09-18      Posts : 487

    www.donbarrow.co.uk
    www.pacenotes.com
    Please either Share or Like my Facebook




    Aug 13 2009 20:07:51

    #6

    Alan

    Join date : 2008-09-18      Posts : 2951

    I've seen the link but would prefer to go for the 'free' option if it works!

    Alan
    Some shipping help documents are available at www.stoner.org.uk/mals/




    Aug 13 2009 22:45:59

    #7

    Don

    Join date : 2008-09-18      Posts : 487

    Hi,

    Alan, what's the link to your free option then?

    I followed my previous link, filled in my data and I was under the impression it was also a free Mal's/McFee service.

    DB.

    www.donbarrow.co.uk
    www.pacenotes.com
    Please either Share or Like my Facebook