PCI Compliance + Barclaycard PDQ + v7


    We take orders via Actinic Catalogue and charge through our own Barclaycard PDQ. Now with the compliance coming into force at the end of the month, we are wondering if anyone knows of a host that has PCI Compliance certification, whereby we are still able to use our PDQ for taking payments.

    Unfortunately our host regretfully has not passed the compliance test, and we are out on a limb.

    I have been warned by SecurityMetrics that not all companies stating they are PCI Compliant are, and they are willing to run a scan on anyone we may wish to use.

    Any help would be much appreciated.

    Shirley

    #2
    If you do a search you will find a HUGE thread on the subject of compliance and Barclays.



      #3
      Mal,

      Many thanks for trying to help. I had realised this, but feel that many users are not using an electronic PDQ to charge for orders, but are using a PSP. We had a shop for 13 years and continued using this method when we became an e-commerce site.

      Surely there must be some hosts out there, who are PCI Compliance compatible without resorting to PSP payments.


      Shirley



        #4
        I think you may have missed the whole basis of PCI. If you do not use a PSP, where are the card details held and how is it compliant, given that Actinic software does not meet the guidelines? Spend your time investigating which PSP to use, cos sure as damn it, a PSP is one thing you will have to do. Actinic payments launches soon, take a look into it, sounds perfect for you.



          #5
          Jo at Pinbrook has compliant hosting but as Lee says check out all the options first as a PSP such as the new Actinic system is the way to go. Downloading card details will soon be a big no-no.



            #6
            We aren't offering compliant PCI hosting on shared servers as it is simply not possible to do so. We could get compliance and then someone uploads a dodgy script and POP goes our compliance for 3 months.

            We only offer PCI compliant hosting on dedicated servers.



              #7
              Originally posted by leehack
              I think you may have missed the whole basis of PCI. If you do not use a PSP, where are the card details held and how is it compliant, given that Actinic software does not meet the guidelines? Spend your time investigating which PSP to use, cos sure as damn it, a PSP is one thing you will have to do. Actinic payments launches soon, take a look into it, sounds perfect for you.
              Leehack,

              I had given our name for information on the Actinic payments which is launching soon, and am waiting for info.

              I just wish it was possible to continue the way we are going with a Host who is PCI compliant. It would be so much easier, as if we find we are out of stock, and the item no longer available from our supplier, then we have to issue a credit with a PSP, whereas now we only have to credit on an occasional basis, because we do not charge normally until the items are despatched.

              In my innocence I thought that the extra expense we paid for a "secure padlock" gave extra security also, but I am now wondering if this means nothing with the PCI Compliance thing.

              Regards

              Shirley



                #8
                Originally posted by RuralWeb
                Jo at Pinbrook has compliant hosting but as Lee says check out all the options first as a PSP such as the new Actinic system is the way to go. Downloading card details will soon be a big no-no.
                Mal,

                Thanks. Hopefully my nightmares will come to an end when Actinic sort it. However, am I correct in wondering if I will have to update from v7 to make it possible?

                Regards

                Shirley



                  #9
                  Originally posted by pinbrook
                  We aren't offering compliant PCI hosting on shared servers as it is simply not possible to do so. We could get compliance and then someone uploads a dodgy script and POP goes our compliance for 3 months.

                  We only offer PCI compliant hosting on dedicated servers.
                  Jo,

                  Thanks for your comment. I had intended getting in touch with you to see if you were compliant for our needs. It would appear however that one has to buy a server, and I am not that clever to handle that as well. If I am wrong do please let me know.

                  Regards

                  Shirley



                    #10
                    Yes, you will need to upgrade to v9 for the new payments system but it will mean you don't need a dedicated server so it may be cheaper in the long run to upgrade. If you have cover then the upgrade is free but even if you don't then upgrading is the way ahead as v7 is very old now and with v9 you will soon make your money back in increased sales.



                      #11
                      Originally posted by Shirley Beech
                      I just wish it was possible to continue the way we are going with a Host who is PCI compliant. It would be so much easier, as if we find we are out of stock, and the item no longer available from our supplier, then we have to issue a credit with a PSP, whereas now we only have to credit on an occasional basis, because we do not charge normally until the items are despatched.
                      I still think you have the wrong angle of looking at this, it's about your payment processing more than your hosting. UNcompliant hosting + compliant PSP is fine. You have the option for pre-auth with PSPs, I think this is going to become the law to use in the future, so you are only taking money when shipping the products.

                      The days of your own padlock and downloading orders onto your PC to process manually are finished and rightly so. 50% of site owners can still not grasp taking a snapshot each day and storing it safely, how on earth can we put these people in charge of 1000's of credit card details? More important than that, if their system gets robbed, they present a thief with 1000's of card numbers and addresses AND they have no backup records of the sales most of the time.

                      Some Actinic users are seriously walking a tightrope, the quicker they are forced to protect things properly, the better. There is a big case with a huge compensation claim just waiting around the corner for someone at the moment, once it happens, everyone will run round like headless chickens getting a PSP.



                        #12
                        Originally posted by RuralWeb
                        Yes, you will need to upgrade to v9 for the new payments system but it will mean you don't need a dedicated server so it may be cheaper in the long run to upgrade. If you have cover then the upgrade is free but even if you don't then upgrading is the way ahead as v7 is very old now and with v9 you will soon make your money back in increased sales.
                        Lee,

                        Thanks for that advice. Is it possible then that with Actinic Payments we will be able to take back orders and charge when the goods are despatched, rather than the Payment company taking all the money when the order is originally placed?

                        Regards

                        Shirley



                          #13
                          I believe so Shirley yes, but I am somewhat in the dark on it also. Croccy knows more about it than me, I just wish it was launched and ready to use, there has been enough hype and talk about it, let us bloody see it now!

                          I think AP is the most excitement we've had since V8 was launched, it's a sad world in web design, or maybe it's just me who is sad.



                            #14
                            Originally posted by leehack
                            I believe so Shirley yes, but I am somewhat in the dark on it also. Croccy knows more about it than me, I just wish it was launched and ready to use, there has been enough hype and talk about it, let us bloody see it now!

                            I think AP is the most excitement we've had since V8 was launched, it's a sad world in web design, or maybe it's just me who is sad.
                            Lee,

                            Let us hope so, we could have "Self Certified" but decided to go the correct route, and what a minefield it has turned out to be.

                            Sorry don't know what "AP" stands for. Do hope it all works out eventually, sincere thanks for your help and support. When you read other forum messages, it is good to know we are not the only ones who have been having problems with it.

                            Regards

                            Shirley



                              #15
                              AP = Actinic Payments. It has been a minefield and many of us are hoping that the Actinic helicopter lifts us out shortly, we can only walk round for so long before we lose a leg.
