PCI compliance/ E-onlinedata

[watermelon]

I know that many Vortech resellers are E-onlinedata merchant account customers. I've been getting many emails from E-onlinedata lately about how PCI compliance is required and the merchant will be fined/ hung from toenails if they do not comply with the PCI requirements. Vortech support doesn't seem to be planning to PCI comply in any way so far.
Anyone else in this situation? How are you dealing with it?
Thanks.

Quote:

Over the last couple of weeks we've sent you information about our partnership with ControlScan and how we can help you comply with the Payment Card Industry Data Security Standards (PCI DSS). The PCI DSS are a set of security requirements intended to protect both cardholders and merchants by establishing specific processes and precautions for handling, processing, storing and transmitting credit card data. This council requires all merchants to become PCI compliant to help defend against credit card fraud.
Meeting PCI compliance standards is also good business. By protecting against cardholder fraud you are providing a valuable service to your customers. It has been shown that sites that exhibit PCI security certification earn the confidence of their customers, which results in higher sales and lower shopping cart abandonment.
e-onlinedata has negotiated special terms with ControlScan for its merchants. This service will include quarterly scans, unlimited customer support and all the tools required to achieve PCI compliance - at substantially discounted rates. Together with ControlScan, we will make it as easy as possible to help you through the compliance process.
A ControlScan security specialist will be in touch with you shortly to activate your enrollment. If you want to get started today, please call 1-800-625-2586 or visit https://www.pcigateway.com/merchantpci. If you redeem this offer by phone, please site PCICS as your approval code.
We would like to thank you in advance for your participation in this program.
Sincerely,
e-onlinedata

[levseltzer]

I received the same email and a follow-up phone call. Apparently this is a fee-based service, costing about $10 to $15 per month (I forgot the exact cost). When I heard there was a cost involved, I said "thank you, but no thanks." I have very few charges per month, and my customers don't care at all if I am paying an extra $120/year for PCI compliance or not. I haven't received further phone calls or emails on this topic.

[mresell]

I realize this is old, but I am not sure of the legality issues. The whole thing is a mess. I know it is an industry standard, but I think the extra 15 dollars a month or more is nuts. 15 was minimum for vague security scans that actually sound like security problems in themselves. Anyone wanting access to certain ips and computers and not explaining the criteria up front is a security problem and technical problem in itself. The whole way this PCI compliance thing is being handled seems like another way the cc industry has found to get more money from their own issues. Kinda ironic the cc processors make money directly from bank accts and not cc purchases...lol. Reading the compliance info explains nothing either.

[oglee]

i would love a concise explanation for this as well...

[Marc]

Here is an update since Watermelon must of forgot about this thread. We worked closely with him and his PCI compliance person, and secured the server going back and fourth with them for over a month. Now he is 100% PCI compliant and is quite happy.


Too bad he never updated this post to let our clients know how hard we worked to get his site complaint, without a fee, before his due date of June 1st 2008.


Also as a side note. PCI Compliance, is somewhat of a joke. I agree with Mresell, it's just another way to get more money from you. They wanted us to do things like shut off PHPINFO for his site, and upgrade PHP to the latest version for some vague local exploit that could never be run. They do not take into account custom builds of anything on the server. Basically it's just a way to get more money as all our servers are secure and not a 1 has ever been comprised because of a server security issue in the 8 years Vortech has been in business.