The Payment Card Industry Data Security Standard (PCI DSS) has been a requirement for businesses that provide credit card purchasing options for their clients. This applies to big box merchants, small mom and pop retailers and, of course, merchants that take transactions via the internet. The standard was created to impede credit card fraud resulting from computer hacking. The bulk of the requirements apply to high volume merchants that store purchaser credit card numbers electronically, but requirements also exist for the handling of paper or other media that contains credit card information. Compliance is required across the board for all merchants that process credit card transactions. A merchant is required to engage a Qualified Security Assessor (QSA) that can attest to the appropriate level of compliance and that it has been implemented. This will include reports and also the possible scanning of the network gateway behind which a storage system may sit.

In this case a letter was received from the Credit Card Processor. It stated that a service would be added to provide for QSA and all that was needed was to pay the annualized fee and provide information for subsequent scanning of the network. We decided to do some homework and a quick search led us to these links, PCI Data Security Standards and the Self Assessment Questionnaire - Introduction and Standards. Both of the links were very helpful in specifying the actual steps involved in determination and compliance.
After contacting the Credit Card Processor, it was made clear that the recommended QSA was an offer and not required for service. Any QSA could be used to report compliance. Using the PCI Security Standards Council's web site, we contacted 403 Advanced Security Systems. They were knowledgeable and patient. The rep listened and verified the information we had. The rep suggested doing the leg work for a Self Assessment, since there would be substantial savings.
IT CAN GET SKETCHY
Armed and ready, we reached out to Security Systems, the QSA recommended by our processor. The rep agreed that the flier was high-level and that in our application the status would not require submitting to a scan. They also have an electronic instance of the Self Assessment form, and its use is included in the fee. Security Systems staff focused on creating an Assessment that was accurate and ultimately compliant (if warranted by field conditions). They also had tech support ready if needed to complete the form. It seemed like the deal, so we decided to shop them.
We picked three QSAs that we found via Google search. I am not providing names for the simple reason that they seemed to not have any reason. All three reps (via chat) stated that we would have to be scanned in order to be found compliant. Stating that we did not require a scan had zero impact, and we were quoted fees from $400.00 a year to $300.00 a month.
Now we felt confident that we had performed some diligence regarding the performance of the service, and we completed the Self Assessment provided by Security Systems.

As with all the articles from IQ Solutions, we provide them for those that are discovering a process as we have. Recommendations made or implied herein are for use at your own risk. We simply feel that those vendors and service providers that go the extra mile should get some recognition. It is likely that we would look to these providers when shopping our next project of this type.
"A mind expanded with an idea cannot return to its previous shape"
Socrates

© 2010 IQ Solutions