A concise explanation of PCI requirements for merchants: don’t ignore it, it can cost you big money!

Unfortunately for merchants with an IP connection, but luckily for cardholders, MC/Visa/Discover/Amex have mandated that all merchants must be PCI compliant by the end of the year to continue processing. It can be confusing because it’s new, and many processors have been keeping their heads in the sand and not telling their merchants, even though they will have to or shut the merchant down at some point. The first effective date was October 2008, but MC/Visa can be several months behind with enforcement, unless there’s a fine; then they just grab your money right away. They fine the clearing bank, which rolls over and immediately pays the fine and then withholds the funds from the merchant until paid. So the non-compliant merchant is caught in the middle. Once you’re PCI compliant they presumably can’t fine you for identity theft. I’ve been telling my existing merchants about it for over a year.

The scans basically search for all services and all open ports running on the target machine. Our scanning firm of choice has a database of over 24,000 known threats that it cross-checks against the target machine. You can see them here: https://my.controlscan.com/threats/. If the terminal is connected via a phone line only, there is no requirement for a scan. The SAQ questionnaire is all that would be needed as long as there are no other storage or devices that use credit card data.

This weekend I was reviewing a bulletin sent out to ticket brokers from one of the Ticket POS organizations. I noticed that they left out a VERY important piece of information. The simple fact is that virtually all current versions of gateways, shopping carts and POS systems are PCI compliant as far as encryption. However, this is not the only place where cardholder identity is compromised. It doesn’t matter how good your POS system, gateway or shopping cart is: you still have an IP connection to the internet, and the only way to be totally compliant, so that your processor doesn’t pass through fines to you from their bank, is to have a certified security firm scan your server/computers on an ongoing basis.

The typical charge for a Level 4 merchant, which most merchants are, is only $149.00 per year. This includes weekly scanning and quarterly reports. Contrary to some claims, it is impossible to provide a compliant quarterly scan report with only 1 scan per quarter. Also included in this service are the Self Assessment Questionnaire (has to be submitted yearly for compliance) and Breach Protection. A merchant can pay monthly if they like. The cost is $149/year or $15/month, so you save a bit of money if you purchase an annual membership. As I have mentioned before, I receive no commissions or referral fees from them, in order to keep the cost down to my merchants. For this price there is absolutely no reason that any merchant using an IP connection to enter cc orders shouldn’t be compliant.

See http://blog.paymentconsulting.net/?s=pci

Additional phase-in dates will be 10/01/2009 and 07/01/2010. For exact mandates go to http://usa.visa.com/download/merchants/payment_application_security_mandates.pdf

Bill Hoidas
Consultant Manager Larger B2B/MOTO/Internet Accounts
Product Development Manager
Matrix Payment Systems
(847) 381-3482 office
(847) 381-4289 fax
http://paymentconsulting.net
http://chicago.citysearch.com/review/44659273
http://paymentconsulting.net/adv_funding.html
John 3:16 For God so loved the world, that he gave his only begotten
Son, that whosoever believeth in him should not perish, but have everlasting life.

free materials for your business

Hi,

You can get free materials for your business by using the hyperlink below:

americanexpress.com/decals.

