Welcome to IWETHEY!

Maybe to you
But we are tiny.

You don't audit tiny,
you check their paperwork
for stupid stuff and wave them on.

Of course, not always. So you have
to be prepared, but we do not have
an auditing firm, it is not a
requirement that I am aware of.

Is it?
What do you think the initial PCI compliance...
work is all about?

They are getting YOU to audit everything and then verifying it to be that way.

How much per year does this company do in Payments? I'm not looking for exact numbers.

$1M? $5M? $25M? $100M?

I don't know where the cutoff is any more since they keep lowering the number. They also eliminated the lower classes recently.
Is this "required" required?
Is this a "voluntary" certification that, in practice, VISA/MC won't work with you if you don't have it? Or is it a hard requirement? Just curious.
--

Drew
Oh it's the Voluntary one.
But good luck processing any transactions without it.

The required part though is the certification the PCI Auditors give you so that VISA/MC see you've voluntarily become PCI compliant.

But then again, remember Heartland?
Oh, it's required.
And yes, I know what it's for. I spent 3 hours in a meeting explaining it to a company owner yesterday. It's a new world, and if you want to use credit cards, you gotta dance to their tune and build it into the budget.

We spent about 15 minutes trying to figure out how to run the company without storing the CC numbers. We can't. We hold seminars and conferences. We do automated refunds. There are situations where prepaid courses are canceled, and we immediately refund the money. Also, we delay charging for certain courses depending on certain situations. So we get the CC number and store it, and then do batch charges and refunds.

Our CC vendor says:
The old payments app (that we gave you) you are using is not PCI compliant.
You MUST stop using.
Here is the new one.
Please test it.

So we test it, it works, and then the vendor says:

Where is your PCI cert? You CANNOT use this new app unless you are PCI certified.

So they yank the app, tell us to use the old, non-PCI compliant one, until we get EVERYTHING else done, and then, and only then, will they allow us to use the new one.

And then tell us since they know we are not PCI compliant, the clock is ticking, and the hammer could come down at any moment.

We were in the process of setting up a new web site, the old one did not stand a chance of passing. Ever. So now that the new site is done, we are working through all the other issues.

Also, we had an old employee who was in charge of the web site. The old web site. The one that was not necessarily doing everything the right way. He had spent years directing me to do things that I didn't necessarily agree with, but he was the boss. And this X-employee pretended to be a concerned client who detailed their worry about how we were handling CC transactions, and sent it to Visa. Visa contacted our CC service company, and they contacted us.

So we are in their sights.

But back to your question: Tiny. Let's say $2M to $4M.
Your company falls..
right into that gap; it can go either way.

But since you had someone "Tattle" on you... you know which way it's going.

It sucks!
     Does general PCI q? belong here? - (crazy) - (18)
         If you don't store the CC# - (folkert) - (17)
             You missed it - (crazy) - (16)
                 HAHAHAHAHAHAHAHAHA!!!!!!! Oops ... sorry - (drook) - (10)
                     Let's all relax here - (crazy) - (7)
                         Audit happens every... - (folkert) - (6)
                             Maybe to you - (crazy) - (5)
                                 What do you think the initial PCI compliance... - (folkert) - (4)
                                     Is this "required" required? - (drook) - (1)
                                         Oh its the Voluntary one. - (folkert)
                                     Oh, it's required. - (crazy) - (1)
                                         Your company falls.. - (folkert)
                     AIX? That's a tree-chopping implement, right? - (Another Scott) - (1)
                         Actually, AIX... - (folkert)
                 Ouch. - (folkert) - (4)
                     All good stuff - (crazy)
                     What Greg said. - (Steve Lowe) - (2)
                         We got the scan vendor - (crazy) - (1)
                             woot - (Steve Lowe)