PCI DSS compliance – advice please
The company I work for processes a handful of credit card transactions every year and because of this we have to be PCI compliant.
One of my co-workers has been involved *cough* with the initial validation but the task of maintaining compliance has fallen to yours truly and I can see that there is Still Some Work To Do as they say.
Has anyone been involved in PCI compliance testing and if so can they recommend an accredited third party that would help us maintain our compliance? Preferably one that doesn’t cost £1000s
Cheers
Posted 4 years ago

scuttler (Member)
Starter for ten is what level of merchant you are. By ‘handful’ I guess you’re a level 4 but it essentially determines your obligations and of course associated cost. By compliance testing are you referring to having your website scanned for vulnerabilities and problems that may lead to card data compromise, or something else such as assistance with the questionnaire/process?
Posted 4 years ago

TPTcruiser (Subscriber)
Who do you bank with? Worth a punt if you have small numbers of transactions.Posted 4 years ago
Sage are used by my employer, I think we were Protex then taken over by Sage, okay for our needs and plugs into accounts package.
Boxes to tick and a shredder is the outcome; good proof that no card details are held by you.

nickdavies (Subscriber)
Normally your acquiring bank will recommend you a company.
I’ve got a few for different merchant accounts, securitymetrics I use for the main questionnaire and then just bang the certificate across to the other banks needing one.
Costs £12.99 a year I think, just self certify if you’re not putting huge amounts through. If only ‘a few transactions a year’ then you should just fall under basic requirements. You shouldn’t really need any third party involvement but depends on your circumstances.
Posted 4 years ago

samuri (Member)
Outpost24 are ok, yep.
My guess, after going through attestation now about 6 or 7 times, is that virtually all companies aren’t completely honest when they attest, either intentionally or accidentally. Being 100% compliant is extremely difficult. It’s a target but few actually get there.
At the end of the day your compliance status will only come under scrutiny if you get breached, but you have a duty to be as good as you can and then try and fix the remaining holes through a formalised plan.
Posted 4 years ago

enfht (Member)
Don’t go down the third party route, it’s a very expensive gravy train.
What compliance level are you?
The biggest deciding factor is card number retention; it’s the one big game changer IME.
In reality the hardest obstacles I’ve hit are with the FD choosing their own interpretation of the rules.
Posted 4 years ago
The topic ‘PCI DSS compliance – advice please’ is closed to new replies.