Yeah I'd bet their filling out the form incorrectly.
On 10/29/2015 10:57 AM, Ken Hohhof wrote:
That's a good question. I will try to press a little harder on this.
It's frustrating when PCI compliance is done by a secretary armed with
a questionnaire and a link for a web based scanner, changing things
randomly and hoping the next report says PASS not FAIL.
-----Original Message----- From: Seth Mattinen
Sent: Thursday, October 29, 2015 9:31 AM
To: af@afmug.com
Subject: Re: [AFMUG] PCI compliance and managed router
On 10/28/15 6:39 PM, Ken Hohhof wrote:
If the non-compliance fee is $20/month, I think it would be cheaper to
pay the fee. Hell, I pay $50/month now for a check scanner. My bank
wants a minimum of $25/month to handle ACH payments (which I don’t pay).
$20/month is chump change, compared to the effort I see this customer
putting into passing the yearly audit. (No auditor comes out, they do a
questionnaire and run some kind of scanning program.)
Can you ask them what they're filling out in the SAQ about the router
that's flagging this as a problem?
~Seth