Bank demanding PCI compliance by small business - help needed

Discussion in 'Finance, Property, Law' started by Rodney2q, Feb 1, 2013.

Welcome to the Army Rumour Service, ARRSE

The UK's largest and busiest UNofficial military website.

The heart of the site is the forum area, including:

  1. Hi chaps

    Does anyone have any experience of the PCI compliance demanded by banks from small businesses?

    My business partner and I are being pestered by our bank demanding that we carry out all sorts of checks and surveys on our IT systems to make sure we comply with a very complex set of standards.

    We don't even understand what half of the questions mean, however if we fill out the paperwork and state that certain questions are non-applicable the bank rejects the form and says thay because we don't comply they will HAVE to raise a charge against us. We certainly cannot afford to pay for one of these PCI compliance vendors to do the job for us.

    To date I have done things the army way - two up, bags of smoke and go left flanking. We have simply filled out each form saying that we do everything correctly, even when we don't know what it is we are supposed to have done.

    Does anyone who has any experience of this give us any advice on how to deal with it?

    Rodney2q
     
  2. Simple, tell them to stick their ******* evil "Big Brother Cards" right up their collective pin striped arse and work solely for wodge/wonga or neddy......and don't forget to write your invoices in guineas, that fucks their heads right up!
     
    • Like Like x 2
  3. PM sent
     
  4. Can't offer you any actual experience, but if you search Google for "PCI blog" it seems to throw up some relevant websites.

    Payment Card Industry (PCI) Blog links to PCI DSS Requirements which I hope may help you.

    Maybe it's just a spreadsheet checking exercise. If you say you are complying, they will tick a box and then they are legally covered, because you told them you are OK. A bit like HR assessing applications for management posts, in a way.
     
  5. TheIronDuke

    TheIronDuke LE Book Reviewer

    I thought this only applied to the big boys who store card data? If you are a merchant with a card reader (or a merchant website) the transaction is between customer / card and bank. No data is stored on site? If I am wrong you need a mate in the QI / QA game since it is that sort of paper chase it seems.
     
  6. Thanks for the replies chaps. We're working on it.

    Rodney2q