Re: OT Why Obsidian-Studios, Inc. does credit card processing in house
William L. Thomson Jr. <wlt@...>
2009-07-03 18:32:08 GMT
On Fri, 2009-07-03 at 13:23 -0400, Deny IP Any Any wrote:
> are you PCI compliant?
OMG don't go there... I spent about 3 weeks educating Elavon account
executives and supervisors on PCI compliance. In short vendors/software
must be PA-DSS compliant. While Merchants are required to be PCI-DSS
compliant. Which we have been for years and so has the software we
run...
Obsidian-Studios, Inc is fully PCI-DSS compliant, and has been since
before that standard existed.
Monetra is fully PA-DSS/PABP compliant. They have been so before either
standard existed ;)
However there is new software to scan daily, etc for PCI-DSS compliance.
Elavon tried to shove this down my throat for a per month fee. However
it only runs on Windows. Whoopy for me :) It took a bit to even inform
Elavon that these were servers in a secure data center. Which included
sending them pics of the server, dc, terminal screen shots of logging
in, etc.
The credit card processing server is a virtual machine with ssh. No
access to that machine directly from the outside world. The Java
application server, and applications communicate internally on the
private firewalled LAN for credit card processing. Till the external
request is made to Tsys/Vital. Which I basically showed all that to
Elavon as well. More secure than most of their merchants :)
Despite using the #3 merchant bank/clearing house, Elavon. We still