PCI compliance

Just got my merchant statement in, and had to pay to become PCI
compliant… wondered if everyone is having to go through this? What
a pain!

Beth Wicker
Three Cats and a Dog Design Studio

http://bethwicker.ganoksin.com/blogs/

Thanks for the heads-up. I just called my processor and was told
this is something handled by the processors and that I, as a
merchant, need do nothing. Which confuses me, because what I just read
online seems to contradict that.

http://www.pcicomplianceguide.org

I take this to mean ‘merchants’ have to do some sort of security
scan and questionnaire at least annually. Did I say I was confused?

What was involved in your bank bringing you up to compliance, if I
may ask?

Yes, I did as well after making many calls to see if it really was
necessary…

Regards,
Audie Beller of Audie’s Images

Neil - my bank sent an insert in my last statement with a referral
to a specific company that handles the compliance certification
(there are several; they said you could use any, but not knowing
anything about any of them I used the one they recommended). You have
to “enroll” first, then complete the appropriate questionnaire. I
enrolled by phone, since as a sole proprietorship using an old-fashioned
knuckle-buster card machine I was not fitting any of their
pre-set categories!

So they enrolled me by phone, helping figure out which set of
questions I qualified for; I gather this varies by what machine you
use, how you store and use data, number of employees, dollar volume,
etc. They are interested in what types of security you should have.
Since I do not take CC on the web, don’t store any CC data on
computers; and don’t have an electronic CC machine, I got the
“short” questionnaire - which they e-mailed to me.

Then you answer the questions on how you handle data security, etc.,
and they grade you, and you pass or revise your policies until you
pass.

Which struck me as pretty worthless, since you could, of course, put
in the answers they wanted whether they had anything to do with
reality or not!

Having been a victim of identity theft myself, I am VERY careful
about how I handle other people’s CC info! Although, that said, in my
setup who would access it - my cats and dog???

Anyway, it did not take long - phone call and questionnaire together
maybe 15 minutes? They said if you don’t do this you will be charged
a non-compliance fee monthly; size of fee based on your average
monthly CC sales. At my low (gosh - wish that was different!) rate
it would run about $10/month, they thought; but that means in 3 months
I would already pay more than the roughly $25 compliance fee… so
financially worth doing for me.

Would be interested in hearing from others.

Beth Wicker
Three Cats and a Dog Design Studio

http://bethwicker.ganoksin.com/blogs/

Your MSP is required to provide to the credit card companies evidence
of their merchant clients’ PCI compliance regarding storing, handling
and transmitting credit card transactions. My MSP made me fill out a
questionnaire this past fall and then charged ME $30 for doing so
(you know, administrative expenses… yeah right). If you do a large
amount of sales, it goes beyond just filling out a questionnaire.

Hope that helps.

Lynn White
www.lynnwhitejewelry.com