CyberSource PCI-DSS compliance
I recently received several emails from CyberSource informing me that they will begin requiring "PCI-DSS compliance validation" from all their vendors. I am a CyberSource client through my usage of Authorize.Net, so I assume that I am not the only CG user to get one of these alerts. From the research I've done, it looks like I can simply complete the shortened questionnaire myself, since all my processing is handled via CheddarGetter and Auth.Net's Customer Information Manager.
Is there anything specifically I should be aware of, in regards to CG's part in this equation? Just want to make sure I cross all the T's and dot all the I's...
Support Staff 1 Posted by Marc Guyer on 09 Jun, 2010 06:51 PM
Right -- you should be able to complete the SAQ. There are some services out there that make it a little easier (for a fee, of course). They also perform the required quarterly scans of your network. You might try https://www.trustkeeper.net or http://www.mcafeesecure.com/us/pci-intro.jsp
Marc Guyer closed this discussion on 09 Jun, 2010 06:51 PM.
Frank Koehl re-opened this discussion on 09 Jun, 2010 07:11 PM
2 Posted by Frank Koehl on 09 Jun, 2010 07:11 PM
As far as I know, this doesn't apply to users of your service. They fall under SAQ A: "Card-not-present (e-commerce or mail/telephone-order) merchants, all cardholder data functions outsourced."
This URL has the full list of SAQ categories:
https://www.pcisecuritystandards.org/saq/instructions_dss.shtml#instructions
Or am I reading that wrong?
Support Staff 3 Posted by Marc Guyer on 09 Jun, 2010 07:52 PM
Technically, since your server touches the cardholder data before it's sent to CG, not all functions are outsourced.
We're working on a transparent redirect feature that will work around this issue, but it won't be ready for a couple of months and will require some adjustment in your app.
Marc Guyer closed this discussion on 09 Jun, 2010 07:52 PM.