PaulDotCom mailing list archives
Re: a pci question
From: "Nils" <nils () hemmann de>
Date: Tue, 12 Apr 2011 14:06:35 +0200
Hey Marck,first off, if your company does not transmit or process cardholder data in any way then your entire company is not in PCI scope. But may be you could describe a little bit more in detail what exactly you are doing and how you´re processing payments.
Regarding the PSP´s demand of a VPN, I think this is just a general requirement they are having to standardize their external connections to be on the safe side. When it comes to PCI the PSPs need to encrypt any connection which *might *transmit cardholder data (Req. 4) But may be there are other non-PCI requirements like data privacy protection.
My 2ct. Nils On 11.04.2011 22:31, marck e. wrote:
Due to avoiding being scoped in PCI-compliance, we are now searching for PSP (Payment Service Providers) Our processing volume is quite low (maybe 20 o 30 orders a month) We already selected a couple of PSP and one of their requirements is we must establish a VPN connection with them in order they send payment status of orders (not credit card numbers at all) Even when we only would get payment status of orders,is there any reason we should establish a VPN connection with them? I mean , if we only get status of paid or not-paid for payment processing done on their infrastructure, why is that vpn requirement? Also, What is extent we are scoped regarding PCI if we are outsourcing all of our payment processing? thank you marck _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- a pci question marck e. (Apr 12)
- Re: a pci question Nils (Apr 12)
- Re: a pci question njarendt tds.net (Apr 12)