PCI validation type 4 for merchants, is it really required?
Hello,
I read in earlier posts that CheddarGetter is PCI compliant since
CG is not transmitting credit card data and that we (as merchants
using CG) need to be compliant with PCI level 4. Why this ?
I just went through PCI certification for one of my clients in
Europe, and we went through a thorough analysis of the different
PCI levels with our acquiring bank, Visa and Amex.
- PCI validation type 1 is for "Card-not-present merchants, all
cardholder data functions outsourced" : my application does not
store the credit card information at anytime, the information is
transmitted immediately to CheddarGetter. I am not doing any kind
of validation on the credit card data. - PCI validation type 4 is
for "Merchants with POS systems connected to the Internet, no
electronic cardholder data storage" : my application is not a POS
system. Why should the merchants using CheddarGetter go through
validation type 4 (assuming no credit card data is stored in
anyway)? That's 12 requirements instead of 2 !
Thanks
Discussions are closed to public comments.
If you need help with Cheddar please
start a new discussion.
Keyboard shortcuts
Generic
| ? | Show this help |
|---|---|
| ESC | Blurs the current field |
Comment Form
| r | Focus the comment reply box |
|---|---|
| ^ + ↩ | Submit the comment |
You can use Command ⌘ instead of Control ^ on Mac
Support Staff 1 Posted by Marc Guyer on 19 Jun, 2010 10:54 AM
While we're not PCI DSS experts, it's our understanding that, at a minimum, all merchants must attest to compliance with the merchant level 4 standard. This includes merchants the run up to 20,000 transactions/year and is the lowest level (an presumably contains the least number of requirements).
We're happy to provide any guidance we can but this question is better asked of a PCI expert like McAfee or Trustwave.
http://www.mcafeesecure.com/us/pci-howitworks.jsp
https://www.trustwave.com/pciDataSecurityStandard.php
Marc Guyer closed this discussion on 19 Jun, 2010 10:54 AM.