pageoneresults - 2:00 pm on Aug 23, 2010 (gmt 0)
This topic is timely, that's for sure.
I have a client who received a notification from Wells Fargo that if their ecommerce store is not PCI Compliant, Wells Fargo will bill them an additional $25.00 per month in fees. If we are compliant, Wells Fargo picks up the quarterly scanning costs.
I just finished the Trustwave 226 question SAQ. For this client, we have compliancy on 217 of the 226. I have to get my server administrators involved to go back through the SAQ and make sure I answered the questions correctly. We may have a little bit of work to do in cleaning up some issues.
Personally? It feels like a brute force move to get anyone doing ecommerce transactions to clean up ALL of their security issues. Not 99% of them but 100%. If you are not 100% compliant, then there are monthly fees involved from your provider. I feel like I'm being blackmailed.
There are no laws requiring this. It was a decision made by the credit card companies. You will be 100% compliant or you will pay a monthly fee for non-compliancy.