Re: FN-FORUM: PCI DSS Merchant Compliance -(All sites have to comply by June 30, 2005)

date posted 30th July 2005 20:17

On 30 Jul 2005 18:44:53 -0000, craig - freelance web designer
[EMAIL REMOVED] wrote:
>
> {{MY PROBLEMS REGARDING THIS}}
>=20
> Is there away I can get round this security compliance program without
> costing too much?
>=20
> Who tests the line for compliance?
>=20

The acquirer, but the cost of compliance validation falls on the
merchant. Your client probably falls into the Level 4 Merchant
category in the PCI DSS scheme which the following is recommended but
not required:

1) Annual Self-Assessment Questionnaire validated by merchant
2) Network Scan for security vulnerabilities (of office and website)
validated by qualified independent scan vendor

BTW, the June 30 2005 compliance deadline only applies to Level 2 and
3 Merchant, so it is possible that your hosting provider is misguided
in this matter.

My advice, find out what the acquirer actually requires regarding
compliance and take the appropriate actions.

--=20
Mamading Ceesay

A Letter To The Terrorists, From London
http://www.lnreview.co.uk/news/005167.php
"It's hard to panic the British. They've dealt with the Blitz, the
IRA, the Silurians, the Zarbi, the Daleks, the Cybermen..."
http://www.livejournal.com/users/coalescent/239250.html