PCI DSS 4.0 External Compliance Scan


    #46
    Originally posted by 4children2enjoy
    We are making progress with resolving the problems flagged up by the ClearAccept PCI scan...
    Hello Andy
    I haven't come across the vulnerabilities you mention but would just like some clarification on your opening statement.
    Was your scan actually undertaken by ClearAccept or some other ASV?
    Martin
    Mantra Audio

    Comment


      #47
      Well ClearAccept is the gift that keeps on giving. It seems shared hosting is not PCI compliant which might rip the guts out of my reselling business.

      Sellerdeck hosting is on shared platforms, can anyone hosting with them do a PCI compliance check to see if they are compliant?
      Jonathan Chappell
      Website Designer
      SellerDeck Website Designer
      Actinic to SellerDeck upgrades
      Graphicz Limited - www.graphicz.co.uk

      Comment


        #48
        Our scans are being carried out by ClearAccept Payment Guard. We use Sellerdeck 8.2.2.

        We had only three vulnerabilities, the first regarding the DB subfolder, and the second requiring upgrading to jQuery 3.5.1 - see Gary's post "Sellerdeck site fails PCI-DSS scan".

        Gary's post "HTTP Headers required for PCI Scan Compliance" was also very helpful.

        The third vulnerability is still outstanding - see above. We are hoping to persuade ClearAccept that it is a false positive.

        ClearAccept PCI compliance seems to be just another annoying hurdle to overcome. It is nowhere near as hostile as Worldpay PCI compliance used to be.
        Andy Shercliff
        www.4children2enjoy.co.uk

        Comment


          #49
          Thank you Andy
          Jonathan Chappell
          Website Designer
          SellerDeck Website Designer
          Actinic to SellerDeck upgrades
          Graphicz Limited - www.graphicz.co.uk

          Comment


            #50
            Originally posted by 4children2enjoy
            Our scans are being carried out by ClearAccept Payment Guard. We use Sellerdeck 8.2.2.
            Thank you Andy for the confirmation.
            The only information I received from ClearAccept was dated 28 March and this concerned the setting up of the PCI Compliance Validation Service from 1 June and as far as I can see there was no mention of a ClearAccept ASV being made available.
            The communication from ClearAccept stated
            From 1st June, you can contact our PCI Compliance Validation Service team directly by calling ### ### ### ####
            I called the number today and was surprised to get through to speak to a person who was helpful in checking out the position with ClearAccept customer services.
            During the call I was informed that the ClearAccept ASV would not be available until I get access to the online portal after login detail email(s) scheduled to be sent out later this month have been received.
            That's really useful to know as our existing PCI compliance SAQ expires on 23 May so I need to have a passing SAQ and vulnerability scan completed by this date to maintain compliance!
            Martin
            Mantra Audio

            Comment


              #51
              For your interest...

              I have opened a reseller account with Brixly which is PCI compliant hosting.

              One of my customers has moved onto it and their PCI scan is now:

              Overall PCI Status PASS
              Yay

              It is quite affordable too. Visit Brixly

              Jonathan Chappell
              Website Designer
              SellerDeck Website Designer
              Actinic to SellerDeck upgrades
              Graphicz Limited - www.graphicz.co.uk

              Comment


                #52
                Finally compliant, best part of 3 weeks after 1st scan and 5th one last Friday.

                No way could I have waded through the complexities of this myself.

                However, ticket with Sellerdeck, a minor adjustment to something in the site folder as a result made sure the software side of things were good, and a massive shout out to Jonathan @ Graphicz for very pro-actively sorting the server side of things.

                All hoops jumped through for now, but no doubt more rolling this way.
                www.devotedly-discus.co.uk

                Comment


                  #53
                  Yes, we are also now compliant via the ClearAccept scan.
                  ClearAccept were very helpful on the phone.
                  Andy Shercliff
                  www.4children2enjoy.co.uk

                  Comment


                    #54
                    I have written a review article at https://www.graphicz.co.uk/blog/pci-...y-clearaccept/

                    Please feel free to send feedback and if I have left anything out or got anything wrong please let me know and I will amend it with acknowledgement.

                    Thank you!
                    Jonathan Chappell
                    Website Designer
                    SellerDeck Website Designer
                    Actinic to SellerDeck upgrades
                    Graphicz Limited - www.graphicz.co.uk

                    Comment


                      #55
                      I have never been asked to scan before, and now I am.

                      Is it where PCI has become stricter, or is it the way ClearAccept works?
                      Regards

                      Jason

                      Titan Jewellery (Swift Design)
                      Zirconium Rings
                      Damascus Steel Rings

                      Comment


                        #56
                        Hi Jason. See my article as above:

                        With Sellerdeck Pay by ClearAccept your website customer enters their card details in the last checkout page of the Sellerdeck website. This change means that the Sellerdeck Website and its hosting needs to be PCI compliant.
                        Jonathan Chappell
                        Website Designer
                        SellerDeck Website Designer
                        Actinic to SellerDeck upgrades
                        Graphicz Limited - www.graphicz.co.uk

                        Comment


                          #57
                          Slightly off thread topic, but other than a bit of text is there a way to convey to visitors that your payment gateway is PCI DSS compliant to the latest standard?

                          I assume adding the PCI DSS logo would infringe copyright?
                          www.devotedly-discus.co.uk

                          Comment


                            #58
                            That was easier than I was expecting.

                            Many thanks to those who posted, and Jonathan for his guide.
                            Regards

                            Jason

                            Titan Jewellery (Swift Design)
                            Zirconium Rings
                            Damascus Steel Rings

                            Comment


                              #59
                              mje Lots of companies use the logo with an explanation. I cannot find an automatic compliance badge.

                              https://maceinnovations.com/trust/ does this for example - just got to keep it current:

                              Jonathan Chappell
                              Website Designer
                              SellerDeck Website Designer
                              Actinic to SellerDeck upgrades
                              Graphicz Limited - www.graphicz.co.uk

                              Comment


                                #60
                                Please can someone point me to a thread about ClearAccept fields not appearing?

                                Thank you!
                                Jonathan Chappell
                                Website Designer
                                SellerDeck Website Designer
                                Actinic to SellerDeck upgrades
                                Graphicz Limited - www.graphicz.co.uk

                                Comment
