RBS / Streamline & PCI DSS

    OK, I know there are hundreds of threads around, but I'm hoping to get info into one place for each bank / card service provider.

    I use Streamline and AP.

    Now I have had my letters through requiring me to certify, and RBS use Arsenal. I have registered and am working my way through. But I have to submit documentation and certification about my compliance. Now I may have misunderstood this, but they are asking me to provide evidence that my PSP is compliant. Having browsed around the Actinic site I find no information - I'm using AP.

    Now I believe I'm level 4 type C because I process cards via AP and sometimes use the MOTO form.

    My main question here is:
    Has anyone completed the RBS/Streamline PCI compliance to this level using Arsenal?

    If so, would they mind sharing how they actually did this and what documentation they actually submitted? I have registered and need to submit documentation. Do I have to have a security scan done of my network, and is the RBS offer of around £80 per annum about the right market cost?

    Hope someone can offer some advice.
    Cheers
    Darren

    #2
    I use an identical combination and am also Level 4 and use the MOTO form, so completed SAQ C.

    You will need to get a network scan if you use the MOTO form.

    I completed the SAQ C MS Word document that I downloaded from www.pcisecuritystandards.org and signed up for a free network scan from Comodo/HackerGuardian. The free subscription is valid for 90 days, so I did an initial scan that passed and have just performed a second scan on day 89, which covers the first two scans. When the next scan is due I will probably try the McAfee free 12 month scans offer before I start to look around for the paid-for options.

    HackerGuardian provide a compliance report in PDF format that you can download.
    I then logged into the Arsenal site and uploaded both the SAQ-C Word doc and the scan compliance report, and I am then covered for the next 3 months, when an email is sent reminding you that another scan report is due. I have not been asked to provide any additional documentation.

    I do not remember seeing anything requesting proof of compliance of the PSP. If you can state where you saw the request, I will check it against the letters/forms I have.
    Darren Guppy
    Golf Tee Warehouse
    Golf Tees and Golf Accessories.


      #3
      If you do need to upload a certificate Actinic have the Creditcall PCI certificate on their website for download
      Direct Link: http://www.actinic.co.uk/docs/produc...ertificate.pdf
      Darren Guppy
      Golf Tee Warehouse
      Golf Tees and Golf Accessories.


        #4
        On the SAQ what is payment application in use / payment application version?


        PS: Arsenal in their wisdom changed me to level 3! I use AP and the MOTO form via a single PC...
        https://www.harrisontelescopes.co.uk/

        Ed Harrison - Menmuir Scotland


          #5
          Originally posted by Golf Tee Warehouse
          If you do need to upload a certificate Actinic have the Creditcall PCI certificate on their website for download
          Direct Link: http://www.actinic.co.uk/docs/produc...ertificate.pdf
          That's what I was looking for, thank you. I can't remember where I read it. It might actually have been in the SAQ C somewhere but not required. I think this week I will sit down and file the forms.

          Cheers for the info
          Darren


            #6
            Originally posted by EdHarrison
            On the SAQ what is payment application in use / payment application version?


            PS: Arsenal in their wisdom changed me to level 3! I use AP and the MOTO form via a single PC...
            Are you still on level 3 or has this been changed?


              #7
              I entered:
              Payment Application in use: Creditcall
              and
              Payment Application Version: eKashu

              I was unsure if these were the correct answers, but the best I could come up with.

              Level 3, I thought, was for companies with over 20,000 transactions a year; does that apply to you?
              Darren Guppy
              Golf Tee Warehouse
              Golf Tees and Golf Accessories.


                #8
                The Actinic info on this page http://www.actinic.co.uk/ecommerce-s...ompliance.html has some useful information and is worth a read through.
                Darren Guppy
                Golf Tee Warehouse
                Golf Tees and Golf Accessories.


                  #9
                  I have read so much I think I confused myself. I have trawled a lot of links here and from other places and have a feeling I'm looking too deep into this.

                  A fresh look next week will probably be the best thing.


                    #10
                    I passed as compliant at level 3 (they changed it, not me) in February but I have requested it be corrected - I am lucky to do 5000 transactions, not 20,000!

                    The support is useless at Arsenal and I think the whole PCI DSS thing is flawed and needs one body to control it properly, not just companies using it as a form of income.
                    https://www.harrisontelescopes.co.uk/

                    Ed Harrison - Menmuir Scotland


                      #11
                      Update

                      If anyone is struggling with the scan results via Qualys / Arsenal (a quick Google shows I'm not alone), I signed up with McAfee and passed the scan no problem!
                      https://www.harrisontelescopes.co.uk/

                      Ed Harrison - Menmuir Scotland
