Cardservice asks to move to Certified CISP compliant hosting
Cardservice International threatens me to close my account by December 31st and to place me on MATCH/Terminated Merchant list, if I don't provide them with the following documents:
1. A copy of my PCI Compliance certificate.
2. A copy of my hosting company's PCI Compliance certificate.
I am in the process of working with TrustKeeper on the first one. However, what can I do about the second one if my hosting company (HostNexus) doesn't have that certificate? The server that I am on is one of EV1's servers. Is EV1's datacenter PCI compliant? If so, should EV1's certificate be sufficient for me to meet the requirement #2?
Cardservice assures me that these new standards are a must for every online merchant. So what do you all people do with this PCI crap? Cardservice is already holding 25% of my funds because I can't provide them with the above documents.
Here’s the link to visa’s cisp site and info- there are links to current compliant organizations- very few hosts at this point are in compliance (though I know Datapipe iis one which is and is also an excellent business class tier 1 host) as the compliance and certification process Is lengthy, requiring a full systems based and physical security audit dependent upon the size of the host and costly- upwards of 100k. The downstream or upstream providers which store transactional (customer data) are responsible- so for example if you lease a server and you store customer data you’re responsible- (level 3) http://usa.visa.com/business/accepti...ment/cisp.html Here’s the list of current providers- as of oct 5