Has anybody got any suggestions/guidelines as to requirements to qualify/pass the Approved Vendor scans for Merchant PCI compliance?
I've recently created a merchant account while using the Authorize.net gateway to take payments at my hotspots and get away from PayPal, which I'm using on my wireless hotspot portals.
I'm just not quite sure what exactly is needed (firewall rules, etc.) for a small hotspot business to become bulletproof compliant to their scans, etc...
So, they'll scan my IPs and invariably I will fail. They then offer patches based on their pricing. Seems like a racket.
I understand they need to protect the credit card banks but regardless. As with most hotspot providers, the credit card is not stored locally at all.
Beyond closing the right ports and having SSLs, I'm not exactly sure what they want protected.
They won't tell you without paying hard.
Is there a standard to go by as far as how to lock down your router/IP/Hotspot to be compliant?
Thanks.