Home → Questions →

Cheddar Gateway: Is it PCI Compliant; Exporting credit card Data

• Edit

Michelle

11 Aug, 2010 10:54 PM

We are considering using CheddarGetter as well as the Cheddar Gateway. Since it will be holding our user's credit card numbers, I have some specific questions:

1) Is it PCI Level 1 Compliant?
2) Who did the audit? Do we have access to the audit? (Basically, is there some sort of verification that it is in fact PCI Level 1 Compliant?)
3) If we choose to leave CheddarGateway, is the credit card data exportable to another level 1 PCI Compliant handler? What is the process?

Thanks!
Michelle

1. Support Staff 1 Posted by Marc Guyer on 12 Aug, 2010 02:15 PM

   

   1) Is it PCI Level 1 Compliant?

   Yes

   2) Who did the audit? Do we have access to the audit? (Basically, is there some sort of verification that it is in fact PCI Level 1 Compliant?)

   Attached is the certification letter. The provider is also listed here: http://usa.visa.com/download/merchants/cisp-list-of-pcidss-complian...

   3) If we choose to leave CheddarGateway, is the credit card data exportable to another level 1 PCI Compliant handler? What is the process?

   Quoting NMI Support: "In order to unlock the credit card data, a merchant must prove PCI Compliance. Once proof of compliance is provided, Data Decryption can be added to the merchant so that they can unlock the card numbers."

   • Trustwave_Compliance_Letter_Network_Merchants_2010.pdf 100 KB
   • Edit

2. Marc Guyer closed this discussion on 12 Aug, 2010 02:15 PM.