Re: a pci question

["njarendt tds.net" <njarendt () tds net>]

PCI is a lot more than just CC numbers.  I suspect that the provider
realizes that in order to secure the other information covered under PCI
compliance that a VPN is the easiest route to go.

Norm

On Mon, Apr 11, 2011 at 3:31 PM, marck e. <marck.ernest () gmail com> wrote:

> Due to avoiding being scoped in PCI-compliance, we are now searching
> for PSP (Payment Service Providers)
> Our processing volume is quite low (maybe 20 o 30 orders a month)
> We already selected a couple of PSP  and one of their requirements is
> we must establish a VPN connection with them in order they send
> payment status of orders (not credit card numbers at all)
> Even when we only would get payment status of orders,is there any
> reason we should establish a VPN connection with them?
> I mean , if we only get status of paid or not-paid for payment
> processing done on their infrastructure, why is that vpn requirement?
> Also, What is extent we are scoped regarding PCI if we are outsourcing
> all of our payment processing?
>
> thank you
>
> marck
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com



-- 
Norman Arendt, CHS III, CMAS, PhD, CFEII
President Infragard Madison Members Alliance
Middleton Fire District Plan Reviewer and Investigator
PCII and CVI Certified

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com