PCI - I know I need one, but can I get it for free

My PCI certificate renewal is almost due. As I only redirect customers to either Sagepay or PayPal to take their payment my self certification process is very simple, although I have in the past used Trustwave via Sagepay to actually fill the form in who then keep a copy for me. The problem I have is that I believe the self assessment process is supposed to be free and you can keep the form/certificate yourself so there is no need for me to use Trustwave who charge £72 for the privilege. Am I correct in assuming that all I need to do is fill in the questionnaire form and keep a copy to be legally compliant? If so where and what form do I use?
Thanks
 

LMDServicesUK

Contact your Merchant Services Provider, they should be able to assist you by providing you a link to their programme for you to complete the exercise online. You will still however have to get the scan done, but again this should be handled as part of your PCI SAQ renewal process.

PM me if you need any further help.

Mark
 

Payment Expert

If you accept payments via Sagepay and PayPal it is most likely that you are a level 4 merchant. You need to fill in the PCI self-assessment questionnaire form D. You can do that on your own or if you have some questions concerning the form you can ask your payment service provider to help you with filling in the form.

I can also recommend you one interactive informational resource where you can ask questions concerning the payment processing industry. I cannot add links to my posts yet, so you can google Paylosophy and find it.
 
Well the answer for me, as I do not handle any card details on my site, using only 3rd party compliant payment processors (PayPal and Sage pay), is yes, I can do the self assessment form myself, just simply download the questionnaire from the PCI website and fill the form in. I do not need a scan or anything else. Obviously if I processed cards differently then you will need to carry out a far more in-depth questionnaire and testing. So that’s all I need to do to comply, I have self certified. HOWEVER mine and by the looks of it most merchant bank providers do not accept personal self certification and class it as non compliant, charging you £10 per month. You have to use an approved PCI certification company which you then have to fill the exact same questionnaire in that you can do for free. There is no testing or verification that you are telling the truth. Oh and pay £30 for the privilege. I know it’s only £30, but is another £30 to pay and get nothing in return. Why do I constantly feel that I have been legally mugged?
 

Karimbo

I attempted to do this myself but it was far too much of a timesuck so I just let Trustwave take my £50 for 10 minutes of my time.

It's far too complicated. The time spent investigating the DIY method - I could spend that time improving the business and generating more profit than £50.
     