Community Forums 

Main Content

PCI Compliance

    Sep 15 2014 13:20:32

    #1

    cassie75

    Join date : 2008-09-18      Posts : 293

    This hasn't been discussed for a while on here but we all must be affected to some degree.
    Mal told me last year that the "deal" with McAfee is no longer valid and hadn't been for years. We had been using it up to a few months ago when they said the free option was no longer valid.
    We are now in the position of finding a new way to do it by mid November
    I really don't understand what we need or how to go about it - it has been a few years since we set it up originally.
    We really don't want to have to pay the bank to validate something the bank is asking for. Seems like a scam, but equally we don't want to be fined.
    Anyone have a free alternative? Or know which forms we have to fill out?
    We have a manual terminal (from Worldpay) which is not connected to the net but we obviously use a computer to print the card details from Mal's site. They are then shredded at the end of the day.
    We pass all the things we need to physically in the office.
    We were told we have to have our websites scanned but don't understand why when the cart is on Mal's website.
    Any help or links would be appreciated.

    Life is too short to work 8 hours a day - thats why I work 16 :-)




    Sep 16 2014 22:36:11

    #2

    Don

    Join date : 2008-09-18      Posts : 518

    Well I went through all this with Mcafee also who were being far to pedantic in their online scans.

    However Worldpay are using Trustwave for their PCI compliance, it looks a bit daunting, but if you proceed with Trustwaves online scan procedure, where you will probably, like me, get a 100% pass. As Mal's is handling all the card details, you then need to speak to someone at Trustwave to confirm to them that is the case.

    Once they accept your info, they will probably give you a PCI compliant certificate number, wait for it, at no cost !

    DB

    www.donbarrow.co.uk
    www.pacenotes.com
    Please either Share or Like my Facebook




    Sep 19 2014 08:30:06

    #3

    cassie75

    Join date : 2008-09-18      Posts : 293

    I am so glad we were not the only ones that had problem with McAfee finding so many bits :-)

    Are you usuing Worldpay as a gateway?

    We use Streamline which is now branded Worldpay but for manual payments.

    We have to upload a certificate to Trustwave but they will charge me quite a bit IF my site needs scanning - which McAfee said it did. I can upload a certificate for free if from another supplier - which we used to do with the McAfee one.

    Life is too short to work 8 hours a day - thats why I work 16 :-)




    Sep 19 2014 18:42:05

    #4

    Don

    Join date : 2008-09-18      Posts : 518

    Yes I do use Streamline.

    DB

    www.donbarrow.co.uk
    www.pacenotes.com
    Please either Share or Like my Facebook




    Sep 20 2014 12:50:47

    #5

    cassie75

    Join date : 2008-09-18      Posts : 293

    Don said Yes I do use Streamline.

    DB


    So how did you get Trustwave to give you it for free when they want to charge me?
    Do you accept manual payments?
    Does anyone else have a suggestion?

    Life is too short to work 8 hours a day - thats why I work 16 :-)




    Sep 23 2014 18:47:23

    #6

    Don

    Join date : 2008-09-18      Posts : 518

    Yes I only accept manual payments.

    I too thought I was probably going to be charged, however I submitted my application and it passed OK and because I was already with Streamline it simply sailed through.

    DB

    www.donbarrow.co.uk
    www.pacenotes.com
    Please either Share or Like my Facebook




    Sep 28 2014 11:06:22

    #7

    cassie75

    Join date : 2008-09-18      Posts : 293

    Do you have a phone number or which company/department you contacted? When i speak to anyone they say i have to pay.

    Did you not have to pay to get your website scanned?

    Life is too short to work 8 hours a day - thats why I work 16 :-)




    Sep 28 2014 17:00:07

    #8

    Don

    Join date : 2008-09-18      Posts : 518

    www.donbarrow.co.uk
    www.pacenotes.com
    Please either Share or Like my Facebook




    Oct 31 2014 12:58:55

    #9

    cassie75

    Join date : 2008-09-18      Posts : 293

    tried the link - searched the site - found no information on what the charges are. Asked via the site for someone to get back to me. Over a week later someone emailed and asked if i still needed help. gave him the details - he just said pay up or else $70. told him several times that I was in the UK but each time he came back still gave price in dollars. He was no help at all. He suggested going back to Streamline but they told me to go to Trustwave. round and round in circles and only a month to get it sorted. panicking now.
    Surely more than just Don and me have this issue? Anyone?

    Life is too short to work 8 hours a day - thats why I work 16 :-)




    Oct 31 2014 20:30:32

    #10

    Ian S

    Join date : 2008-09-18      Posts : 169

    We're based in the UK and take credit cad payments via Sagepay and PayPal.
    The SagePay transactions go through Cardnet (part of Llyods TSB) who handle the PCI DSS compliance.
    The first time we applied for compliance the paperwork was fairly detailed, but as we don't store any card details electronically - it all passes through Mals to Sagepay to Cardnet, this simplified the compliance route massively.
    Now each year renewal is a short telephone interview which basically asks us if anything has changed in the way we deal with card payments since the last assessment , and if all is the same we get a new certificate. All at no cost.
    The only costs with Cardnet are if you don't renew each year where upon there’s a £25 per month 'fine'.
    We were advised that a scan of our systems is only required if the customers card details are transmitted to us in full or are stored by us electronically (which they are not).



       1   |   2      »