Topic: PCI Compliance-SAQ (Read 948 times)

legendary
Activity: 1764
Merit: 1002
August 26, 2012, 12:25:45 AM
#3
Yeap, PCI compliance is a HUGE annoyance. I was in charge of implementing PCI compliance at the company I work for. But honestly, in the end it is worth it. I know my company spent at least 200K, not including what they are paying me. And it is not like once you are compliant you are compliant; it is always an ongoing effort. Some money-saving tips: never store the PAN in your database. If you do, it will require dual-knowledge authentication, meaning that to reconstruct the key one person knows part of the key, another person knows the other part of the key, etc. Granted, we had to do PCI SAQ D because we are technically a service provider.
The language in the PCI DSS is very vague and ambiguous in some parts. If you have any questions about PCI, I may be able to help.

Thanks for the offer. I will keep this in mind.
newbie
Activity: 11
Merit: 0
August 25, 2012, 09:55:21 PM
#2
Yeap, PCI compliance is a HUGE annoyance. I was in charge of implementing PCI compliance at the company I work for. But honestly, in the end it is worth it. I know my company spent at least 200K, not including what they are paying me. And it is not like once you are compliant you are compliant; it is always an ongoing effort. Some money-saving tips: never store the PAN in your database. If you do, it will require dual-knowledge authentication, meaning that to reconstruct the key one person knows part of the key, another person knows the other part of the key, etc. Granted, we had to do PCI SAQ D because we are technically a service provider.
The language in the PCI DSS is very vague and ambiguous in some parts. If you have any questions about PCI, I may be able to help.
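The post above describes two of the cheapest ways to shrink PCI DSS scope: do not keep the full PAN at all, and if you must keep a key that protects it, make sure no single person can reconstruct that key. The block below is an added example, not code from any poster in this thread or from the PCI Security Standards Council. It assumes an XOR split of a 256-bit key-encrypting key across any number of custodians (each component is random, so any subset short of the full set is useless on its own), a key check value computed with HMAC-SHA256 over a zero block (a simplification; an HSM normally computes the KCV by encrypting zeros with the key), masking to the first six and last four digits, and a keyed one-way hash as the only PAN-derived value a database keeps. The function names and the PAN `4111111111111111` (a well-known Luhn-valid test number, not a real card) are constructed for this example.

```python
"""Split-knowledge key handling and PAN minimisation, standard library only.

Added example: the custodian split, the simplified KCV and the helper names
are assumptions for illustration, not a PCI DSS-mandated implementation.
"""
import hashlib
import hmac
import secrets

KEY_BYTES = 32  # assumed 256-bit key-encrypting key


def split_key(key: bytes, custodians: int = 2) -> list:
    """Split `key` into `custodians` XOR components, one per key custodian.

    All components but the last are uniformly random, and the last one is
    chosen so that XOR of every component equals `key`.  Any proper subset of
    the components is statistically independent of the key, which is the
    "one person knows part, another person knows the other part" property
    the post describes.
    """
    if custodians < 2:
        raise ValueError("split knowledge needs at least two custodians")
    components = [secrets.token_bytes(len(key)) for _ in range(custodians - 1)]
    last = key
    for comp in components:
        last = bytes(a ^ b for a, b in zip(last, comp))
    components.append(last)
    return components


def combine_components(components: list) -> bytes:
    """Reconstruct the key at the ceremony by XORing every custodian's part."""
    if not components:
        raise ValueError("no components supplied")
    key = bytes(len(components[0]))
    for comp in components:
        if len(comp) != len(key):
            raise ValueError("component length mismatch")
        key = bytes(a ^ b for a, b in zip(key, comp))
    return key


def key_check_value(key: bytes) -> str:
    """Simplified KCV: first 3 bytes of HMAC-SHA256 over a 16-byte zero block.

    Custodians compare this against the KCV recorded when the key was created,
    so a missing or mistyped component is caught before the key is used.
    Assumption: a real HSM would encrypt the zero block with the key instead.
    """
    return hmac.new(key, b"\x00" * 16, hashlib.sha256).digest()[:3].hex()


def luhn_valid(pan: str) -> bool:
    """Luhn check on a digit string; rejects anything that is not a plausible PAN."""
    if not pan.isdigit() or len(pan) < 13:
        return False
    total = 0
    for index, char in enumerate(reversed(pan)):
        digit = int(char)
        if index % 2 == 1:          # every second digit from the right is doubled
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form: at most the first six and last four digits are visible."""
    if len(pan) < 10:
        raise ValueError("PAN too short to mask")
    return pan[:6] + "X" * (len(pan) - 10) + pan[-4:]


def pan_reference(pan: str, key: bytes) -> str:
    """Keyed one-way hash of the PAN, usable for matching repeat cards.

    Keying the hash with the reconstructed key means a stolen table cannot be
    brute-forced offline over the ~10^15 PANs of a BIN range without first
    assembling every custodian's component.
    """
    if not luhn_valid(pan):
        raise ValueError("refusing to hash an invalid PAN")
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    kek = secrets.token_bytes(KEY_BYTES)
    recorded_kcv = key_check_value(kek)
    parts = split_key(kek, custodians=3)

    # A single custodian's component must not pass the check value.
    print("one custodian alone:", key_check_value(parts[0]) == recorded_kcv)
    # All custodians together reconstruct the same key.
    rebuilt = combine_components(parts)
    print("all custodians:", key_check_value(rebuilt) == recorded_kcv)

    test_pan = "4111111111111111"  # constructed test PAN, not a real card
    print("stored display value:", mask_pan(test_pan))
    print("stored reference:", pan_reference(test_pan, rebuilt)[:16], "...")
```

The component files are what each custodian keeps; only the KCV, the masked PAN and the keyed hash ever land in the database, so a dump of that database gives an attacker neither a PAN nor the means to recover one.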
legendary
Activity: 1764
Merit: 1002
August 25, 2012, 09:55:22 AM
#1
If you're a CC-accepting merchant, your processor will charge you at least $30/mo (variable depending on your processor) if you don't complete this online questionnaire once each year, so heads up! Turns out I've been unnecessarily paying this $30/mo for years now (for as long as the program has been in existence, which I'm not sure how long that is at this point), as I wasn't aware of this mandatory requirement. The processor claims they've been notifying me on the front of the monthly statement I get around July of each year (note how it's not a separate, easily identifiable notification letter).


Protecting Cardholder Data with PCI Security Standards

Occasionally, relaxed security by some merchants enables criminals to easily steal and use personal consumer financial information from payment card transactions and processing systems. As a merchant, you are at the center of payment card transactions so it is imperative that you use standard security procedures and technologies to discourage theft of cardholder data.

Merchant-based vulnerabilities may appear almost anywhere in the card-processing ecosystem including point-of-sale devices, personal computers or servers, Web shopping applications, in paper-based storage systems, and unsecured transmission of cardholder data to service providers. Compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) helps to alleviate these vulnerabilities and protect cardholder data.

PCI DSS follows common sense steps that mirror best security practices. PCI DSS and related security standards are administered by the PCI Security Standards Council which was founded by the various credit card associations and card brands. The standards apply to all organizations that store, process or transmit cardholder data. As a merchant who accepts and processes payment cards, you must comply with the PCI DSS.

To fulfill your obligation to become PCI DSS compliant, you are required to complete the Self-Assessment Questionnaire (SAQ) and undergo scanning services of your payment network, if applicable. To access both of these services, please click on the link below. We have recently updated the website with a new, user-friendly, easy-to-use site to help aid you through the PCI process. Merchants that have accessed the website prior to 3/27/12, please log in using your current merchant account number as your Username and your current password. If you have forgotten your password, please click on the link below for assistance with resetting your account. If you are accessing this site for the first time, please follow the simple instructions below to obtain your login information.

If you have questions or need assistance during your compliance process, please contact us at (800) 324-9825 or [email protected].