Has anyone seen the new PCI compliance since the TJ Maxx breach? Dave

David Sanders, IT Manager, PetPeople, Inc.
I have. Do you have a question? I'll take a stab at it if you do...

Steve Sommers
Shift4 Corporation - www.shift4.com
Here you go:
- What are the new regs and when do they go into effect?
- Does each company have to complete a quarterly audit?
- Is the software provider liable if the audit fails?
- Are there companies out there who perform the audit?
- Are Retail Pro users that are on "CISP" compliant versions covered under the new regs?
- What processing systems through Retail Pro are covered?
I have more but those are my burning ones. Dave

David Sanders, IT Manager, PetPeople, Inc.
Here is a page on the VISA site that has all sorts of links that answer most of your questions: CISP Program
I'll give you my version of the short answers...
#1 - The VISA link provides the regs and most are already in effect.
#2 - Based on your credit card volume, the type of business and whether or not a breach has occurred, merchants are grouped into 4 levels. Your level determines whether or not scans and mandatory audits are required. Merchant levels are found on the PCI (CISP) Overview document: CISP Overview. One gotcha though - any safe harbor that the program provides only applies to audited merchants, meaning that you can be fined in the event of a breach even if you are fully compliant with the regs.
#3 - No - software providers are not liable for breaches, only merchants are. Now if it can be proven that the software provider lied to the merchant or the security auditor to get "PABP certified," then you might have a case.
#4 - Yes, the original VISA link has a list of Qualified Security Assessors (QSAs).
#5, #6 - Sorry, don't know. I know RP version 8 is certified to use our (Shift4's $$$ ON THE NET) tokenization technology, which can greatly reduce the risk of storing credit card data, but the "official status" as far as the card associations are concerned is unknown to me.
Hope this helps.

Steve Sommers
Shift4 Corporation - www.shift4.com