pci compliance
Accelerated Payment Technologies is requesting that we show them that we are PCI compliant. Is that something for x-charge to deal with?
thanks
Comments
I'm not sure what is going on, as Accelerated Payments is XCharge! But you do not need to worry about PCI compliance, as RGP falls out of the scope of the PCI compliance.
Hi -
Accelerated Payments IS XCharge. And yes, the credit card processors (the overlords above Accelerated Payments) are forcing PCI compliance down everyone's throat. The good news is RGP solves your PCI compliance issue with regards to software, but you still need to follow the procedures required for PCI compliance in your business - examples include not writing down credit card numbers, etc.
Typically this involves a periodic internet scan of your IP address and completing a quarterly questionnaire.
Accelerated Payments can help with this so yes, you should contact them.
Wondering if you think it's worth it to be PCI compliant by doing the quarterly scans with attestation, as well as the questionnaire. It's a pain in the neck, and I don't think you save that much (although I have trouble following cc charges).
Thoughts?
Honestly, I'm not sure you have a choice. Total pain in the neck, I agree.... only surpassed by the annual questionnaire which is basically a joke since none of us know the answers to the questions! It's all a cover-their-a** for THEM and not designed to help us IMO.
But... I think there really isn't a choice. If you don't follow the system, you get increasingly harassed and penalized.
So outside of the last few questions about getting penetration scans, you just say yes to everything? Have they ever asked you to provide your policies on the things they ask you to have policies on? My answer would be "Sorry, it is our policy NOT to disclose our security policies". I hope that suffices.
Well.... I answer to the best of my ability :)
Do you guys have any suggestions on who to use for a penetration test?
Control Scan said they charge $200 an hour, but if I am not PCI compliant, I just have to pay $18.95 or something a month. That's like $230 a year, vs $200 an hour once a year.
I really would like to save that $18.95 a month, but at this rate it's silly.
Not sure if this is the correct thread-- I would imagine for all in-person cc transactions, our POS system will need a different cc reader that is not limited to the magnetic strip.
Have I missed the release of which product RGP is recommending from POSGuys?
Hi Joe -
See this thread.
https://www.rockgympro.com/forum/topic.php?id=745#post-2277
Andy