PCI DSS Compliance - are you?

By: Administrator
Published 19th September 2012
Read latest comment - 15th October 2012

This one's raised its head from time to time, but until now we've never been forced to do it.

The PCI Data Security Standard provides a worldwide framework for all credit card transactions from websites and card readers. If you take card payments, then the chances are you need to be compliant.

Our card payment processor, Streamline, has just told us we need to be compliant by the 1st October otherwise it's a

Steve Richardson
Gaffer of My Local Services
My Local Services | Me on LinkedIn
Comments
Well an hour later and starting again from scratch, we've cracked it

That's an hour of my life I won't get back, only hope it was worth it...

Steve Richardson
Gaffer of My Local Services

I decided I'd stick with payment by cheque until this became IMPOSSIBLE! Thank goodness the banks are hauling back a bit from their earlier intention to get rid of cheque payments.

You take a hit from not going down the credit card payment route. Personally it's one I can live with.

Linda
CareersPartnershipUK

I chose to ignore the first letter Streamline sent me, but I received another yesterday informing me that I still need to do it otherwise they can fine me up to

Thanks,
Barney

Steve did you use their qualified security assessor or do you have your own QSA?

I think this was one of our stumbling blocks, as we had to show penetration testing, network diagrams.

Turns out we chose the wrong options. In our case, we don't physically handle any credit card transactions online, at the payment stage, we pass those on to Worldpay, who need to be compliant. So we got a pass for that section.

As for the card machine in the office, as long as we can show we have a policy of shredding numbers and not storing any data, and only authorised people can use the machine, then this seems to tick all the boxes, so no security assessment was needed.

Not sure why after 6 years we suddenly have to do this now. Good job it wasn't needed when I started and had the machine in my house

Steve Richardson
Gaffer of My Local Services

Wonder if this will apply to everyone - according to the letter we had it does.

But what about the following?

I'm having a chip repair chap out soon to my car - he actually wants paying by card instead of cash - apparently he has an attachment for his phone, until I see it I don't know much about it ... must ask him when he comes back ...

Clive

Well I'm now apparently compliant and have a certificate to prove it
Although I get the feeling I've just been shafted for nearly

Thanks,
Barney

Well I'm now apparently compliant and have a certificate to prove it

Don't forget the lovely logo for your website

Steve Richardson
Gaffer of My Local Services

Hi,
Sorry if this is in the wrong place but it's related to this question.
I am also with Streamline and have received this notice.
It states at the bottom you can cancel your contract with Streamline if you don't like the new conditions, well I want to cancel my contract with them. I have 2 years remaining on my original contract but it seems you can cancel your contract but the hire agreement for the card terminal is separate so I would still have to pay for that! Is this correct? If it is I might as well keep the contract going. Any help would be appreciated.
Kevin

kevinm75

Hi,
Sorry if this is in the wrong place but it's related to this question.
I am also with Streamline and have received this notice.
It states at the bottom you can cancel your contract with Streamline if you don't like the new conditions, well I want to cancel my contract with them. I have 2 years remaining on my original contract but it seems you can cancel your contract but the hire agreement for the card terminal is separate so I would still have to pay for that! Is this correct? If it is I might as well keep the contract going. Any help would be appreciated.
Kevin

Hi & welcome Kevin

That is a very interesting question! I would have thought you could reject the new Ts & Cs and under that force cancellation as they are changing the terms of which you originally signed.

I had a similar experience with my Bank last year - they changed the Ts & Cs of several accounts I held - being the cantankerous type, I dug my heels in saying I wasn't happy with the changes. As I had locked some money away on a long term deal they said I could withdraw that money without loss of interest as they had changed the Ts & Cs.

Hope this helps - dig your heels in though & make a fuss - after all they changed the terms not you

Let us all know how you get on

Clive
