Comments on: Directed to lie/mislead about about PCI data security compliance at work? http://smallbusinessmerchantaccounts.org/directed-to-liemislead-about-about-pci-data-security-compliance-at-work.htm Sat, 19 May 2012 13:08:09 +0000 http://wordpress.org/?v=2.7.1 hourly 1 By: Let me steer you http://smallbusinessmerchantaccounts.org/directed-to-liemislead-about-about-pci-data-security-compliance-at-work.htm/comment-page-1#comment-2451 Let me steer you Tue, 04 May 2010 01:42:36 +0000 http://smallbusinessmerchantaccounts.org/directed-to-liemislead-about-about-pci-data-security-compliance-at-work.htm#comment-2451 Find another place to work. If you get in bed with con artists, you'll wake up in the clink. When they get caught, they'll blame it all on you and say you were the lead network administrator and it was your job to insure the network was PCI compliant. Eventually, someone will steal and use a bunch of credit card numbers from one of your sites, and then you will be the one in the hot water. Find a reputable place of employment. Find another place to work. If you get in bed with con artists, you’ll wake up in the clink. When they get caught, they’ll blame it all on you and say you were the lead network administrator and it was your job to insure the network was PCI compliant.

Eventually, someone will steal and use a bunch of credit card numbers from one of your sites, and then you will be the one in the hot water.

Find a reputable place of employment.

]]> By: Mandi http://smallbusinessmerchantaccounts.org/directed-to-liemislead-about-about-pci-data-security-compliance-at-work.htm/comment-page-1#comment-2452 Mandi Tue, 04 May 2010 01:42:36 +0000 http://smallbusinessmerchantaccounts.org/directed-to-liemislead-about-about-pci-data-security-compliance-at-work.htm#comment-2452 First and foremost, your morality should come first. That is what you'll have left to deal with when all is said and done. I work in an escalated queue at a major credit card processor. Regardless of whether or not your company is PCI compliant, you as the merchant are 100% liable for any credit card fraud related to purchases made with your company. If your PC processing systems leak credit card info and VS/MC find out you were not PCI compliant at the time, you may be subject to fines that outweigh your companies worth. Quote from http://usa.visa.com/merchants/risk_management/cisp_overview.html#anchor_7 Compliance Fines. "If a member, merchant or service provider does not comply with the security requirements or fails to rectify a security issue, Visa may fine the responsible member. Visa may waive fines in the event of a data compromise if there is no evidence of non-compliance with PCI DSS and Visa rules. To prevent fines a member, merchant, or service provider must maintain full compliance at all times, including at the time of breach as demonstrated during a forensic investigation. Additionally, a member must demonstrate that prior to the compromise the compromised entity had already met the compliance validation requirements, demonstrating full compliance." As far as your credit card processor is concerned, they may discontinue service as well without warning should they discover such an occurrence and ensure that you cannot process credit cards for a time to come. My advice is to contact your merchant services provider and honestly advise them of your current situation. I answer peoples questions like this quite frequently and can assure you that credit card processors will bend over backwards to keep you processing. They should be able to get you the resources necessary to get you fully compliant or extend your deadline for completion. In regards to personal liability, should you decide to go thru with this scam…. Get a lawyer;) First and foremost, your morality should come first. That is what you’ll have left to deal with when all is said and done. I work in an escalated queue at a major credit card processor. Regardless of whether or not your company is PCI compliant, you as the merchant are 100% liable for any credit card fraud related to purchases made with your company. If your PC processing systems leak credit card info and VS/MC find out you were not PCI compliant at the time, you may be subject to fines that outweigh your companies worth.

Quote from http://usa.visa.com/merchants/risk_management/cisp_overview.html#anchor_7

Compliance Fines.
"If a member, merchant or service provider does not comply with the security requirements or fails to rectify a security issue, Visa may fine the responsible member. Visa may waive fines in the event of a data compromise if there is no evidence of non-compliance with PCI DSS and Visa rules. To prevent fines a member, merchant, or service provider must maintain full compliance at all times, including at the time of breach as demonstrated during a forensic investigation. Additionally, a member must demonstrate that prior to the compromise the compromised entity had already met the compliance validation requirements, demonstrating full compliance."

As far as your credit card processor is concerned, they may discontinue service as well without warning should they discover such an occurrence and ensure that you cannot process credit cards for a time to come. My advice is to contact your merchant services provider and honestly advise them of your current situation. I answer peoples questions like this quite frequently and can assure you that credit card processors will bend over backwards to keep you processing. They should be able to get you the resources necessary to get you fully compliant or extend your deadline for completion. In regards to personal liability, should you decide to go thru with this scam…. Get a lawyer;)

]]>