PCI Compliance Test

Last week I got an email notice that I had to renew my PCI compliance and I think that the outfit that administered the online test was Trustwave or something like that. It was an online quiz about how you handle credit card data and the swipe device (you and employees). I missed two questions about wireless as it is new to me. I logged on again and retook the test and fa la I passed. Sort of a farce IMO. Just curious if you have to do this with your swipe device as there are a lot of different ones out there. Mine is Aprivapay through my bank. There is a higher PCI fee if you don't take the test.


Replies

  • I was approached by a salesman at a show trying to get people to sign up for his service (can't remember which one), and when I told him I use Square his main point was I better be careful because Square is not PCI compliant and I could be liable for theft of data.
    Personally (and I admit I have no evidence to back this up) I think it is just a scare tactic. If Square was as insecure as he was claiming why would credit card companies let Square operate? I think maybe Square figured something out either through software or business model that gave them some sort of competitive edge and lets them work around having the user (us) deal with PCI issues. Or maybe they are just taking the responsibility, and not passing it on to us like the other providers do.
    Square has been around for a while now, and I have yet to hear of an issue with Squares being hacked or data being stolen from users.

  • According to Square's web site, they handle all the compliance. If you do a search on Square and PCI, you'll find some competing merchant services claiming that the swipe device itself is hackable. I'm staying out of this one. I don't use the Square, yet, and have been happy with all aspects of my merchant services provider, except for the monthly costs. And the PCI fee, of course.

  • AFAIK you need to state that you are PCI compliant, and have the documentation to prove it. With the old-style machines, this happens once a year. Fees vary according to the merchant provider. I pay about $125 / year. The survey is one way for the merchant services companies to put the onus of providing the documentation on the individual user.

    I know that Square hasn't yet implemented a PCI compliance system that involves the end user, but I'm guessing it's only a matter of time. There is really no difference in the way that Square handles the data versus an old-style wireless machine. Both encrypt the data, neither stores the data in unencrypted form locally on the device. So why doesn't Square require PCI-compliance? Beats me.

    • My swipe device is wireless and not an older version. FYI very happy with Aprivapay and support both by phone and in person face to face. I also get $500K insurance for its use. LOL wouldn't that be a great show to get ripped off at.
  • I think the very best thing about the Square is that so far I have not received a PCI Compliance Test.
