Monday, August 17, 2009

PCI DSS Self-Assessment Questions Tool Takes Toll











If you're a Tier 2 Merchant for MasterCard, you can no longer "self assess." However, if you are Tier 3 or 4, you can fill out this 41-page "self-assessment" and learn that you are more than likely not compliant.



Then you can figure out how much the fines would be at the website of MasterCard, which recently published them.



After you are done, you can take a step back and realize that you had better get compliant, or the cost of a breach will probably end your business as you know it.



Then again, a simpler way would be to use a PCI certified device, such as the one manufactured by HomeATM, which not only end-to-end encrypts the data so that it is never in the clear, but also puts your organization in a position where you neither handle the data nor store it. You are therefore removed from the scope of PCI compliance, and your business is safe from the exorbitant fines that could be levied against it.




 Here's the SAQ from WatchGuard...











Oh...for more information, CyberSource is holding a webinar entitled Payment Data: Don't Store It, Don't Handle It.

I share this with you because it is the best way to remove your business from the scope of PCI Compliance.

Simply remove yourself from all contact with payment data. It's the way HomeATM designed its eCommerce platform from the beginning...

Our PCI 2.x Certified PIN Entry Device encrypts the data instantaneously and simply uses the "internet" as the conduit with which to send the encrypted packet. Since the data is never in the clear, a web merchant would be in the clear when it comes to PCI Compliance. It's easy to protect your business from potential breaches with HomeATM's secure 3DES DUKPT end-to-end encryption. And you'll save money on processing costs with True PIN Debit.


Maintaining payment security doesn’t require adding even more proverbial locks and bolts to your infrastructure. In fact, you can secure your payment process – including complying with PCI-DSS standards – with less cost, complexity, and time. In the upcoming CyberSource webinar Payment Data: Don’t Store It, Don’t Handle It, you’ll see how your peers are adopting a safer, more secure approach by eliminating all contact with payment data – a strategy we call Enterprise Payment Security 2.0.











