Liability & Legality

#1 (permalink)

We need our site to become PCI compliant so we can take credit cards and such. We noticed there were many companies out there that will help me become PCI compliant.
What should I look for in these companies when choosing one?
What is a good price to help me become PCI compliant?
What should they offer to do for me?
What are some good companies anyone here would recommend to help me become PCI compliant?

#2 (permalink)

It is not just websites that have to meet PCI compliance, it is your entire system for handling customers credit card details, and unless you are DIRECTLY handling and storing credit card or bank details of customers you do not need to be PCI compliant.

__________________
Chris. ->>
Please login or register to view this content. Registration is FREE
<<-
A foolish consistency is the hobgoblin of little minds
Thought for today:- Is SEO the only industry where all the cowboys are Indians?

#3 (permalink)

Well we use Bluepay and whmcs. I don't think we are storing credit card information but BluePay informed me that i have to become pci compliant. I think I want to become pci compliant just in case and even if I don't need it, my lawyer advised that I still should get it.

#4 (permalink)

And do you have the budget for PCI compliance "just for the sake of it"?

__________________
Chris. ->>
Please login or register to view this content. Registration is FREE
<<-
A foolish consistency is the hobgoblin of little minds
Thought for today:- Is SEO the only industry where all the cowboys are Indians?

#5 (permalink)

On the questionnaire that has to be filled in, one of the questions was:

"do all of your credit card processing staff have keycode access to the room containing the days orders?"

Er, key card? more like a handle...

Seriously, you dont want to do it JUST for the sake of it - it really is a load of work for very little.

We are now moving ALL of our checkouts over to EPDQ to handle payments just to make life easier.

We do take a lot of orders by phone though so have to be compliant with customer details.

All orders are shredded within an hour of us getting the phone call.

The problem with making a site compliant (not using a payment gateway) is keeping everything updated...

You update the server, plug any "holes" they say are in there - get the pass... and then 2 months later... you have to do it all again when they deem something else is now a risk.

My opinion? Dont bother unless you have to"

How many of your customers even know about being PCI compliant??

</rant>

__________________
I Just a test to see what happens...
Please login or register to view this content. Registration is FREE

"Let us be thankful for the fools. But for them the rest of us could not succeed..."

#6 (permalink)

Compliance advice/checking is a major con (well paid work for the companies that do it and make up the rukles as they go along) - and it's expensive. If you do not need to do it, don't, as said above. If you do store card or bank details look to recode your payment systems to use major payment gateways instead - it's a lot easier and a lot cheaper. You'll have a bit of faffing around on annual recurring payments with some of them but it's doable.

__________________

Please login or register to view this content. Registration is FREE
|
Please login or register to view this content. Registration is FREE


*** New:
Please login or register to view this content. Registration is FREE