PCI compliance certificate and up-to-date scan

Forums › 2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus) › PCI compliance certificate and up-to-date scan

adw

175 posts

Master Geek

#69818 13-Oct-2010 15:43

Why is Orcon unable or unwilling to supply a PCI compliance certificate and up-to-date scan? Despite requests we seem unable to get one which means online shops will be taken down affecting people's livelihoods/profits.

Do their servers no longer meet the secure requirements that they did when they were Iserve - this never used to be an issue and despite repeated requests for escalation we are getting no joy.

BartManGeek

187 posts

Master Geek

#392076 15-Oct-2010 08:28

Do they actually store Credit Card details on their servers?
http://www.pcicomplianceguide.org/pcifaqs.php#2
I suspect not hence no need for PCI compliance cert.

mentalinc

3226 posts

Uber Geek

Trusted

#392081 15-Oct-2010 08:41

"that accepts, transmits or stores any cardholder data"

No idea what BartManGeek is referring to.

CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB: Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX

Falconz

67 posts

Master Geek

#392785 17-Oct-2010 10:38

It totally depends on how you serve your payment page, we host many sites with payment pages but because we use the DPS hosted payment page we dont have to comply with any PCI stuff.

Also its not orcons duty to do that, how can they know what/how your site is storing credit card details. You should have a VISA PCI complicate account which will scan your site every few months and warn you of any compliance issues. Sometimes its free depending on how much sales you do but otherwise is ~$160us a year or something like that

Cheapest thing to do is hand off payments to DPS then redirect back to your site.

adw

175 posts

Master Geek

#393169 18-Oct-2010 14:06

That's right, it does depend on how the credit card numbers are stored.

It is Orcon's duty if they're on-selling a secure server option (which is what Iserve were doing) and a hosting platform suitable for on-line shops, as the Iserve one was. It's the server the information is stored on that has to be compliant, which in the process of being sorted now.

DPS isn't an option for many small traders cost wise, along with that of a merchant account. If someone just wants to sell gift certificates for example then the DPS option just doesn't work.

nate

6473 posts

Uber Geek

Retired Mod

Trusted

Lifetime subscriber

#393202 18-Oct-2010 15:34

adw: DPS isn't an option for many small traders cost wise, along with that of a merchant account. If someone just wants to sell gift certificates for example then the DPS option just doesn't work.

I don't understand how else you'd do it, surely you need some form of payment processor?

robbyp

1199 posts

Uber Geek

#393215 18-Oct-2010 15:55

nate:
adw: DPS isn't an option for many small traders cost wise, along with that of a merchant account. If someone just wants to sell gift certificates for example then the DPS option just doesn't work.

I don't understand how else you'd do it, surely you need some form of payment processor?

They temporarily store the CC details, to process manually, either through an eftpos terminal or form. It is similar to mail order, where someone mails you their credit card details through the post, tells you them over the phone, or faxes them to you. I haven't found their support to be partically good since it rebranded and moved it to the parent website.

Many websites do this, and one reason some do it, is due to shipping, as sometimes it is impossible for a store to accurately calculated shipping, as NZ post or couriers doesn't have a module that will connect to the store. I am not sure about the dps hosted payment system, and whether that allows for the amount to be adjusted after the payment has gone through (eg a delayed payment rather than realtime to allow for price adjustment)

nate

6473 posts

Uber Geek

Retired Mod

Trusted

Lifetime subscriber

#393233 18-Oct-2010 16:30

robbyp: They temporarily store the CC details, to process manually, either through an eftpos terminal or form. It is similar to mail order, where someone mails you their credit card details through the post, tells you them over the phone, or faxes them to you. I haven't found their support to be partically good since it rebranded and moved it to the parent website.

Ah that makes perfect sense, thanks for the explanation.