Results 1 to 3 of 3
  1. #1

    Cardservice asks to move to Certified CISP compliant hosting

    Cardservice International threatens me to close my account by December 31st and to place me on MATCH/Terminated Merchant list, if I don't provide them with the following documents:

    1. A copy of my PCI Compliance certificate.
    2. A copy of my hosting company's PCI Compliance certificate.

    I am in the process of working with TrustKeeper on the first one. However, what can I do about the second one if my hosting company (HostNexus) doesn't have that certificate? The server that I am on is one of EV1's servers. Is EV1's datacenter PCI compliant? If so, should EV1's certificate be sufficient for me to meet the requirement #2?

    Cardservice assures me that these new standards are a must for every online merchant. So what do you all people do with this PCI crap? Cardservice is already holding 25% of my funds because I can't provide them with the above documents.

  2. #2
    Join Date
    Feb 2004
    Here’s the link to visa’s cisp site and info- there are links to current compliant organizations- very few hosts at this point are in compliance (though I know Datapipe iis one which is and is also an excellent business class tier 1 host) as the compliance and certification process Is lengthy, requiring a full systems based and physical security audit dependent upon the size of the host and costly- upwards of 100k. The downstream or upstream providers which store transactional (customer data) are responsible- so for example if you lease a server and you store customer data you’re responsible- (level 3) Here’s the list of current providers- as of oct 5

  3. #3
    Join Date
    Aug 2005
    Boston, MA
    I was under the impression that you had to be doing over 6 million transactions a year in order to require a physical security audit.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts