
PCI Compliance

Ruksana

posts: 14

Sep 18, 2009 12:24 PM ET

I recently received a phone call asking if I was PCI compliant. I had no clue and did my homework online. I checked with my merchant services provider, through whom I do the credit card transactions online, and they are PCI compliant, but apparently, as a small business owner accepting credit card payments, I have to be PCI compliant myself! Does anybody know more about this?

dothingsright

posts: 145

Sep 18, 2009 12:26 PM ET

Hi,

I'm glad you asked this question. I was just coming to ask the same thing. Some have received a letter from their processing companies claiming that your system has to be tested for PCI compliance for $99 a year?
I'd like to hear feedback concerning this. Please share.

Thanks & God Bless,

Tyra

wer2chosen

posts: 16

Sep 21, 2009 6:46 AM ET

I would not go with the $99-a-year PCI compliance guy. The company I am employed at when I am not working on my side company, LOL, actually spends millions each year on PCI compliance. One of my teams does the verification for a large number of our applications.

My understanding is that if you have a merchant account and have developed your own billing systems, then yes, you would have to be PCI compliant. If you are using a service to take credit cards for your business, then that company will be the one who has to be compliant.

It is pretty much about protecting credit card data, so it deals with things like: when you store credit card data, is it encrypted? Do you have the proper controls so that only a limited number of people have access to that data? Do you use a web application firewall, or do you do yearly security testing to ensure hackers cannot get into the applications that store or take this data?

Have all of your developers taken secure coding classes? Those are just a few of the things we have to do each year to pass our audit. If we fail on an item, we have a specific time frame to remediate the issue or lose the ability to take credit cards, and we can also be fined.

That is why I doubt the $99 solution is more than a way someone found to make some money. Find businesses that probably do not need to be PCI compliant, scare them a little, sell them a scan or something. It feels like snake oil in my opinion.

Here is what wikipedia says about PCI compliance.

http://en.wikipedia.org/wiki/PCI_DSS