Anyone else get a PCI Compliance Letter on their Merchant Account?

Brandon

Administrator
Staff member
Jun 26, 2006
Got this letter from Wells Fargo with regards to my merchant account, wanting me to go through Trustwave.com to answer a questionnaire and test my site in order to validate it as PCI compliant.

After answering a million questions, it turns out they want you to do a shitload of things to your hosting account if you are storing users cc info.

If you don't pass compliance, Wells Fargo will charge a monthly non-compliance fee every month until you do.

I'm thinking about possibly ditching my merchant account and going with a processor that will handle recurring billing for me so I don't have to store any cc info.

Anyone else run into this?
 


Not in the merchant services game any more, but they are cracking down on that stuff and charging fees... The ISO I used to work for was under Wells Fargo for a while too. I never even heard of it until like last year, when they started giving us a ton of info about it and sending out letters to merchants.
 
PCI compliance is srs bizns

Srsly tho, you have some options, but most merchant accounts will probably hold you to being PCI compliant, as it's a requirement of the credit card processors (Visa etc.), not the government. Also check out Authorize.net and I think Braintree; I hear they offer a solution to store cc#s for you so that they aren't on your server, so you have less liability and PCI compliance requirements.
 
Authorize.net is my current gateway. What's funny is that their solution for storing cc info and doing recurring billing is more expensive than the monthly non-compliance fees.

 
So, you're currently storing CCs in a non-PCI compliant way on your server? WTF?
 
Everybody eventually gets a PCI compliance letter. I've gotten one for a MID I have that doesn't even take orders online (BtoB phone orders only).
 
CDG mostly runs through its hosted payment gateway... so if you want to send users off your page, go ahead... buh bye conversion rates.

Not if you use their Quantum Gateway service. The customer never leaves your site. In fact, I don't know anyone who uses CDG without it.
 
070707 - Talk to the guys at CDG. I used to use them for processing when I ran a hosting company 5-6 years ago, and they are definitely helpful & (most importantly) know the online processing & PCI compliance space very well.
 
I would NOT cancel your current merchant account. Having one, and using it to get other merchant accounts, is essential. Especially from an A Rated bank like Wells. We have gotten several letters. We went through all the PCI steps (separate databases, encryption, physical access) all that stuff and it was alright. But I didn't do the work so of course I can say that.
 
Trustwave is asking for firewalls/DMZs/etc.

I think if I can just start storing cc info with the processor, it will be a lot easier.
 
I've actually done the compliance for people. It's not hard, it just takes a little time and money, but in the end it's well worth it.
 
Don't install that Trustwave (TKAgent) software on your work computer if you can help it. It will bog down your system as a resource-hogging TSR as it constantly looks for CC information being stored. It never worked right, and it took longer to get rid of than I would have ever guessed. Put it on a random computer and let it run once, then delete the !$#@% thing. My .02 cents