Welcome to WebmasterWorld Guest from 18.104.22.168
Forum Moderators: buckworks
I am having a tough time getting this taken care of has anybody else gone through the compliance test yet?
One thing you may find is that even though you have the most up to date software etc, the scans say you don't. You can then email them and they'll adjust your scan manually.
The new questionaire is better than it was, as you select the options specific for your business - the old one you had to complete everything, some of which didn't really apply.
As far as the fee goes, we applied through our merchant account, and ended up paying about half of the quoted fee. Might be worth checking.
If you use another company, like Comodo instead of Security Metrics for PCI compliance, contact the merchant account provider to see if you can get a refund.
I wonder how all these smaller sites without dedicated hosting are going to get this done that use a shopping cart not connected to the hosting company.
Or the hosting company doesn't pass the scan.
It's not like I had a choice in this I am required if I want to keep my merchant account or face possible fines.
Level 4 merchants are now seeing the providers pushing to get them compliant now. This will actually help you if you are compromised. If you are compromised before you are compliant, you could be fined $500,000 by one card brand. Being compliant will help at least get that fee possibly waived.
If you call the tech support line now those guys are stressed out to the max.
Unfortunately Security Metrics was not prepared it seems for the thousands of merchants that had to contact them for compliancy. There are other ASV (approved scanning vendors) that you choose from.
Unless I'm mistaken, you don't have to be PCI compliant unless your doing $50k/month or more. Might want to check into that.
A lot of merchants are Level 4 - processing less han 20,000 transactions a year. While the standard set dates for Levels 1,2,3 merchants, it left the Level 4 merchants somewhat out in the open unfortunately. (The merchant levels are mainly based on the number of transactions with the exception of those merchants who have had a compromise - they are Level 1 merchants.) And it is these merchants who can be more at risk for breaches. The standard basically allowed providers to set their own date for these merchants. And it is these merchants who face the largest pitfalls - being fined $500,000 or more by the card associations, and probably putting these businesses out of business.
It is these merchants that need to comply more than ever right now. If you are in compliant and have a breach, the fines might be waived. Remember though, even if you are compliant does not mean you are "secure".