PCI compliance

Evan_Purdy · October 17, 2018, 12:15pm

We are multi-tenant cloud users. We currently use Infintech for our credit card processor. Infintech is saying we are not PCI complaint. Our IT contractor says it will cost 60k up front to get us PCI complaint and then a yearly cost to boot. We are a small company (about 10 office workers), so that price seemed very high to me.

This puts us in a really bad spot. We don’t want to stop accepting credit cards, but the cost for PCI compliance is ridiculous. I don’t really get how PCI complaince works, I would have thought that since we are cloud users and do not store credit card information on site we wouldn’t have to be complaint but apparently that is not the case.

How are you guys handling PCI compliance? Does that cost seem reasonable?

chelgemoe · October 17, 2018, 1:47pm

Hi Evan,
I would be more than happy to have a conversation with you about PCI compliance and how you guys are currently processing. I have been doing this for over 10 years and do have a significant amount of knowledge to share and would love to chat. Shoot me an e-mail separately to discuss.

Have a great day!

chelgemoe · October 17, 2018, 1:51pm

By the way, yes $60,000 seems like a ridiculous amount of money.

Evan_Purdy · October 17, 2018, 6:47pm

@Mark_Wonsil I know you are on cloud, have you had any trouble with PCI compliance?

chelgemoe · October 17, 2018, 9:06pm

Hey Evan,

I did some checking with my PCI compliance team. Typically with an ERP system you would be SAQ C, but since you are in the cloud and keying in transactions you can actually do SAQ C-VT which does not require scanning. This is really great news for you as it is a very easy SAQ to complete and most importantly, NO quarterly scans. If you have any additional questions please let me know.

If you want me to check out your rates for you we do that as well.

Have a great day!!!

chelgemoe · October 17, 2018, 9:27pm

Hey Evan,

I did some checking with my PCI compliance team. Typically with an ERP system you would be SAQ C, but since you are in the cloud and keying in transactions you can actually do SAQ C-VT which does not require scanning. This is really great news for you as it is a very easy SAQ to complete and most importantly, NO quarterly scans. If you have any additional questions please let me know.

If you want me to check out your rates for you we do that as well.

Have a great day!!!

Evan_Purdy · October 18, 2018, 5:11pm

Does anyone here use epicor payment exchange? If you use the virtual terminal is it tied into Epicor so you can just pull up an invoice and it will have all the information already?