PCI DSS 4.0 External Compliance Scan


    #46
    Originally posted by 4children2enjoy
    We are making progress with resolving the problems flagged up by the ClearAccept PCI scan...
    Hello Andy
    I haven't come across the vulnerabilities you mention but would just like some clarification on your opening statement.
    Was your scan actually undertaken by ClearAccept or some other ASV?
    Martin
    Mantra Audio



      #47
      Well, ClearAccept is the gift that keeps on giving. It seems shared hosting is not PCI compliant, which might rip the guts out of my reselling business.

      Sellerdeck hosting is on shared platforms, can anyone hosting with them do a PCI compliance check to see if they are compliant?
      Jonathan Chappell
      Website Designer
      SellerDeck Website Designer
      Actinic to SellerDeck upgrades
      Graphicz Limited - www.graphicz.co.uk



        #48
        Our scans are being carried out by ClearAccept Payment Guard. We use Sellerdeck 8.2.2.

        We had only three vulnerabilities, the first regarding the DB subfolder, and the second requiring upgrading to jQuery 3.5.1 - see Gary's post "Sellerdeck site fails PCI-DSS scan".

        Gary's post "HTTP Headers required for PCI Scan Compliance" was also very helpful.

        The third vulnerability is still outstanding - see above. We are hoping to persuade Clear Accept that it is a false positive.

        ClearAccept PCI compliance seems to be just another annoying hurdle to overcome. It is nowhere near as hostile as Worldpay PCI compliance used to be.
        Andy Shercliff
        www.4children2enjoy.co.uk



          #49
          Thank you Andy
          Jonathan Chappell
          Website Designer
          SellerDeck Website Designer
          Actinic to SellerDeck upgrades
          Graphicz Limited - www.graphicz.co.uk



            #50
            Originally posted by 4children2enjoy
            Our scans are being carried out by ClearAccept Payment Guard. We use Sellerdeck 8.2.2.
            Thank you Andy for the confirmation.
            The only information I received from ClearAccept was dated 28 March and this concerned the setting up of the PCI Compliance Validation Service from 1 June and as far as I can see there was no mention of a ClearAccept AVS being made available.
            The communication from ClearAccept stated
            From 1st June, you can contact our PCI Compliance Validation Service team directly by calling ### ### ### ####
            I called the number today and was surprised to get through to speak to a person who was helpful in checking out the position with ClearAccept customer services.
            During the call I was informed that the ClearAccept ASV would not be available until I get access to the online portal after login detail email(s) scheduled to be sent out later this month have been received.
            That's really useful to know as our existing PCI compliance SAQ expires on 23 May so I need to have a passing SAQ and vulnerability scan completed by this date to maintain compliance!
            Martin
            Mantra Audio



              #51
              For your interest...

              I have opened a reseller account with Brixly which is PCI compliant hosting.

              One of my customers has moved onto it and their PCI scan is now:

              Overall PCI Status PASS
              Yay

              It is quite affordable too. Visit Brixly

              Jonathan Chappell
              Website Designer
              SellerDeck Website Designer
              Actinic to SellerDeck upgrades
              Graphicz Limited - www.graphicz.co.uk
