Has anybody got any suggestions/guidelines as to requirements to qualify/pass the Approved Vendor scans for Merchant PCI compliance?
I’ve recently created a merchant account while using the Authorize.net gateway to take payments at my hotspots and get away from PayPal, which I’m using on my wireless hotspot portals.
I’m just not quite sure what exactly is needed (firewall rules, etc.) for a small hotspot business to become bulletproof compliant to their scans, etc…
So, they’ll scan my IPs and invariably I will fail. They then offer patches based on their pricing. Seems like a racket.
I understand they need to protect the credit card banks but regardless. As with most hotspot providers, the credit card is not stored locally at all.
Beyond closing the right ports, and having SSL’s I’m not exactly sure what they want protected.
They won’t tell you without paying hard.
Is there a standard to go by as far as how to lock down your router/IP/Hotspot to be compliant?
I agree, but as far as I know the ones I’ve dealt with don’t offer any type of info relating to what’s failing.
Honestly, I haven’t put them on the “spot”. But they directly told me I would need to pay for their “patches”. Whatever that means.
And they haven’t offered to tell me what’s failing. I do see them scanning ports, and services, every now and then. Nothing that I can see ever makes any intrusions.
Security Metrics is one “AVS” Approved Scanning Vendor. They’re doing the scanning on me.
So, I’ll see if they’re going to offer any more info. But, doubt it.
Thanks for the reply.