PCI is a lot more than just CC numbers. I suspect that the provider realizes that in order to secure the other information covered under PCI compliance that a VPN is the easiest route to go.
Norm On Mon, Apr 11, 2011 at 3:31 PM, marck e. <[email protected]> wrote: > Due to avoiding being scoped in PCI-compliance, we are now searching > for PSP (Payment Service Providers) > Our processing volume is quite low (maybe 20 o 30 orders a month) > We already selected a couple of PSP and one of their requirements is > we must establish a VPN connection with them in order they send > payment status of orders (not credit card numbers at all) > Even when we only would get payment status of orders,is there any > reason we should establish a VPN connection with them? > I mean , if we only get status of paid or not-paid for payment > processing done on their infrastructure, why is that vpn requirement? > Also, What is extent we are scoped regarding PCI if we are outsourcing > all of our payment processing? > > thank you > > marck > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > -- Norman Arendt, CHS III, CMAS, PhD, CFEII President Infragard Madison Members Alliance Middleton Fire District Plan Reviewer and Investigator PCII and CVI Certified
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
