PCI Compliance

Got a letter from the processing company. Claims our system has to be tested quarterly for PCI compliance. $99 a year; if it isn't, then a fee of $12.95 is added to the bill.

I was wondering, since we are not a custom application, shouldn't MS be able to provide us with a letter of PCI Compliance? Using RMS, 2.0.0126, on XP.

Bud


Bud,

I get that same letter, and I use a terminal supplied by my processor! I have no way of knowing for sure, but it seems like a scam just to grab some money. I have no idea why I would have to pay a third party to certify the processor-supplied and -maintained terminal for compliance. It's connected to none of my networks or internet connections, and dials out for every sale and connects to their network. But with the built-in software program connected to your network and internet connection, I believe the network itself, and the internet connection, has to be scanned quarterly to verify its security (firewalls, etc.).

Craig


Hi Craig and Bud -

First, please note there are two pieces to this puzzle:

1) PCI DSS, which is a set of requirements that a merchant must comply with in order to use their system to process payment cards.

2) PA-DSS, which is a set of standards that a software vendor, such as Microsoft, must comply with.

In order for a merchant to be compliant with PCI, they must comply with several requirements including secure networking, password policies, etc. as Craig suggested. These are outside the scope of the software. However, in addition, merchants should use a product that has been PA-DSS validated.

Both Microsoft Dynamics RMS 2.0 SP2 and Microsoft Dynamics POS 2009 have been validated. You can point your payment processor to PCI's website, which has a list of validated payment applications.

However, as you both have found out, your payment processor may request additional validation to ensure that you are PCI compliant.

I hope this helps. Good luck.

Lori [MSFT]

Excellent points on this topic at:


Todd


The Security Standards Council has all the tools you need to find a qualified scanning vendor. Good luck.

Matt Hurst wrote (16-Sep-09):

What a pain it is to try to get quotes from scanning companies.


Michael Scotto

Check with your processor first. I called to question a fee on my bill and found out that I was already being charged by UMS and just had to sign up with Security Metrics to have the scans done. I can't remember the fee off the top of my head, but it was a significant discount compared to what I would have paid individually for a compliance scan/certificate.

Marc

