Back when credit cards were starting to be a big thing in theaters, I signed up for NATO's program through Vantiv, which was going to combine all of the NATO theaters under one flag, thereby getting lower rates. We got set up with Vantiv through RTS, added a couple of card swipers to our terminals and life was good. Currently we are handled through Worldpay, which has been working fine.
Fast-forward to 2022. I started getting phone messages a few weeks ago saying that we needed to "update our PCI compliance" or words to that effect. Since I have a pretty strict rule against responding to phone messages that I didn't originate, I forgot about them. Write me a letter, I thought. Then a few days ago I got an email from Worldpay about the same thing, saying if we weren't "PCI compliant" we would start seeing extra charges on our processing.
So, I went to the website cited in the email and wound up at the Worldpay site, which is called saferpayments.com and started through the process. It got more and more complicated to where eventually there were so many questions I didn't understand, or terminology I had no idea what it meant, that I just gave up. Such as, "Is your payment application certified as compliant in line with the requirements of the Payment Application Data Security Standard (PA DSS) as set out by the PCI Security Standard Council?" How the "F" do I know this? I assume it is. But how do I find it out?
All of our credit card transactions run through RTS, so
There are over 200 questions like this sample:
"Is all non-console administrative access encrypted with strong cryptography, and is a strong encryption method invoked before the administrator's password is requested?"
I have a hard time believing all the other businesses in town have a person on their staff who can answer questions like this... has anybody else dealt with this? Is there a workaround for regular human beings?