
Easy Solution to PCI DSS Compliance


43 replies to this topic

#41 GemRock

  • Community Member
  • 2,069 posts
  • Real Name:Ken
  • Gender:Male
  • Location:UK

Posted 28 November 2009, 23:15

acceptcredit, on 28 November 2009, 19:13, said:

...If you are part of the latter you may be asking for trouble later, because 2010 will be a year that enforcement will kick into high gear....

am i out of date? or are you just another who is trying to talk about something you don't really know? my guess is you are more likely the latter.
have the regulations about pci dss changed or been about to change? not to my knowledge. here is what i just copied from the PayPal website:

Quote

Mandatory PCI Compliance: With PayPal, it’s easy
PayPal and PCI compliance

PayPal adheres to international PCI (payment card industry) compliance standards for data security. With Website Payments Standard, Email Payments, and Payflow Link*, PayPal handles the payment card information for you. So you don’t have to worry about your buyers’ payment card security or about compliance with PCI DSS for your business.††

†† All card data must be stored, transmitted, and processed by PayPal and not by the merchant.

other third party online payment processors such as protx/sagepay have the same stand as Paypal.
Ken

Edited by GemRock, 28 November 2009, 23:17.

commercial support - unProtected channel, not to be confused with the forum with same name - open to everyone who needs some professional help: either PM/email me, or go to my website (URL can be found in my profile).
over 20 years of computer programming experience.

#42 MrPhil

  • Community Member
  • 3,276 posts
  • Real Name:Phil
  • Gender:Male

Posted 29 November 2009, 15:46

GemRock, on 28 November 2009, 23:15, said:

am i out of date? or are you just another who is trying to talk about something you don't really know? my guess is you are more likely the latter.
So what are you talking about? @acceptcredit made a statement that he sees some people asking for ways to evade PCI compliance, and that they're asking for trouble by doing that. I can't verify that 2010 is a red-letter year for compliance, but I have gotten the impression that credit card companies are getting stricter.

Quote

here is what i just copy from Paypal website:
Well, if you use a third party payment system such as PayPal, you don't really have to be concerned about PCI compliance -- they do. And they're telling you that they are fully compliant. On the other hand, if you are handling credit card information yourself (using a merchant account, rather than a payment service), you are certainly responsible for being PCI compliant.

So, what is the argument here?

#43 GemRock

  • Community Member
  • 2,069 posts
  • Real Name:Ken
  • Gender:Male
  • Location:UK

Posted 01 December 2009, 18:53

MrPhil, on 29 November 2009, 15:46, said:

...So, what is the argument here?
you tell me. this is what we all know about along the years and it's clear as 1+1=2 so no need to repeat and add some misleading statement such as

Quote

Just know that ALL merchants are required to be PCI compliant now, so do not think that it just applies to your web business.
i just suspect that someone may be related to this pci dss business and trying to scare people into getting some "services" they don't really need.
Ken

#44 johnnybebad

  • Community Member
  • 672 posts
  • Real Name:Johnny

Posted 29 December 2009, 08:07

so paypal standard and paypal express wouldn't require me to be pci compliant as I don't process the card on my domain/server.

Web payments pro for paypal would require me to be pci compliant? as the credit cards are handled by us momentarily before being sent to paypal to be processed? the data isn't stored but I guess the handling of the data between our site and paypal would be an issue?

This seems cheap enough and offers a free 90 day scan agreement to get you started.

www.instantssl.com/hackerguardian/buy/pci_scan_compliancy.html


I am a little confused about what's actually required and what isn't and the consequences.

Edited by Jan Zonjee, 29 December 2009, 08:10.

Getting better with mods but no programmer am I.