Re: PCI Compliant

    Jul 08 2009 12:17:46


    Julie Britton

    Join date : 2008-09-18      Posts : 12

    GT - The trouble is, 'the logos wouldn't be on the site if it wasn't secure' does not equal PCI compliance.

    From HSBC: 'Please note, if you process, store or transmit your transactions using a third party service provider, you will need to ensure they are compliant with PCI DSS before you can complete your own compliance.'

    Furthermore, Mal's supplies us with the password to access our cart, therefore our customers' card details, and we cannot change the password.
    This may mean Mal's fails PCI DSS compliance if they choose to see that password as a default.

    HSBC point 2 of 12 Key requirements for level 4 merchants:
    'Do not use vendor-supplied defaults for system passwords and other security parameters'

    So, is Mal's PCI DSS compliant or not? If so, which QSA ensured the compliance?