    PCI goodbye?

    I am now running PayPal commerce platform for all website payments, does that potentially mean I can ditch the awful PCI compliance fiasco going forward?
    https://www.harrisontelescopes.co.uk/

    Ed Harrison - Menmuir Scotland

    #2
    Hi Ed,

    I believe you will still need to complete the appropriate forms; however it should be simple.

    We do not capture or hold any card details (all telephone orders are processed by the customer through our billing system online) and we still need to complete the appropriate forms and run the scans.

    There is more information here - https://www.sellerdeck.co.uk/sellerd...on-compliance/
    Josh Barling
    CEO | Sellerdeck Ltd

    josh.barling@sellerdeck.com

      #3
      Thanks Josh, would have been nice to avoid all that each year and the quarterly scans!
      https://www.harrisontelescopes.co.uk/

      Ed Harrison - Menmuir Scotland

        #4
        Definitely, it does feel like a tax to be honest.
        Josh Barling
        CEO | Sellerdeck Ltd

        josh.barling@sellerdeck.com

          #5
          Originally posted by EdHarrison:
          ... would have been nice to avoid all that each year and the quarterly scans!
          If you do not process or store any credit card data on your systems, then I would question the need to have quarterly scans when all card payments are processed through a third-party payment service provider that has to maintain its own high level of PCI DSS compliance.

          Martin
          Mantra Audio
            #6
            I think it may be the names, addresses and contact details, but I will check with Security Metrics before they fleece me again.
            https://www.harrisontelescopes.co.uk/

            Ed Harrison - Menmuir Scotland

              #7
              Originally posted by EdHarrison:
              I think it may be the names, addresses and contact details, but I will check with Security Metrics before they fleece me again.
              Yes, it is worth checking out and could save you money if you can opt out of the GDPR assessment.

              I noticed this about 3 years ago when my payment for the PCI compliance renewal more than doubled without any prior notification or explanation.

              This coincided with the implementation of the GDPR, and I did wonder then why suddenly GDPR compliance had been wrapped up under the PCI compliance umbrella, particularly as this was already covered by the requirements for registration with the UK ICO and I had put a lot of time and effort into re-configuring our systems to ensure the security of the personal data (orders, names, addresses etc.) that we are legally obliged to retain for tax records.

              I ran the PII scan just once, and it did pick out some false-positive data on what appeared to be credit card or NHI numbers and US health record numbers, which was reassuring as we do not knowingly hold any such data on our systems and have no intention of so doing.

              If you do not retain any data of the type that the scans are searching for, then they should not be needed.

              The PII scan is not the same as a PCI vulnerability scan, which should not be required when you use a third-party payment service provider, but you will still need to complete the PCI assessment questionnaire.

              Martin
              Mantra Audio