  1. #1
    SitePoint Evangelist
    Join Date
    Feb 2006
    Posts
    428

    Question about PCI DSS re: Phone/Mail orders

    Small home-based business here. My plan to avoid this whole PCI DSS mess is to use the server integration method with Authorize.net so customers are not storing, processing or transmitting cardholder data from my website. Hopefully that will be sufficient.

    The next issue that concerns me is phone and snail mail orders. What are the rules about handling cardholder data that is on paper? (Obviously, we shred the mail order after obtaining the authorization, and with phone orders, we also shred or delete any notes taken while on the phone.)

    Is it going to come to telling customers that we cannot accept credit cards over the phone or through the mail anymore due to overwhelming new regulations?

  2. #2
    SitePoint Member
    Join Date
    Sep 2009
    Posts
    2
    Yup, you are on the hook here my friend...

    If it truly is manual, etc., it should be simply a self-assessment and move on.

  3. #3
    SitePoint Evangelist
    Join Date
    Feb 2006
    Posts
    428
    If you use PayPal Website Payments Standard, with their $30/month Virtual Terminal, they don't enforce any PCI regulations with regard to snail mail or phone orders. I received this info from my account exec. at PayPal. Can anyone else confirm?

