Answers
Company: Computer Outfitters
Hi, a few questions... Are you sure you are "in scope" for PCI? What is your annual credit card volume ($)? Do you have software running on your system that actually captures and stores the credit card information, or are you using an internet application to enter and process the cards?
Company: Aldrich Services LLP
FYI as of 2012 (2013?) there is not an "in scope" level. Everyone has to be compliant.
Company: Medline
Cost of compliance vs. Tokenization project.
We implemented Tokenization to remove the credit card number from our environment using a PCI certified partner. The standard allows you to rely on a third party's compliance to meet your requirements.
This does not eliminate the compliance effort on your side but changes it from a ball park to a bread basket.
Company: Chuck Boecking
The easiest way to become PCI compliant (related to credit cards) is to not store credit card details at all. This should help you bypass most of the survey. Most CC processors have a tokenization program to help achieve this ability. Authorize.net's program is called CIM.
Here is an example of how this works:
(1) Let's say you use Magento as a webstore. You install an Authorize.net CIM Magento extension. The extension allows you to capture and store the tokens and not the CC details for each transaction.
(2) If you use an ERP to manage your finances and fulfillment, you will probably want to update it to use the tokens passed from Magento (during order import). Depending on your level of integration, you can issue returns directly from the ERP using the tokens, or you can go back into the webstore to reverse the transaction.
If you do not use a webstore at all, the same process applies to your ERP or accounting system.
If you have questions, you are welcome to call. Much of my work this year has been around updating ERP systems to achieve PCI compliance.
I hope this helps!
On this page, you will find a video tutorial:
http://www.authorize.net/solutions/merchantsolutions/merchantservices/cim/
Chuck Boecking