Society of Payment Security Professionals Forum  

  #1  
05-31-2007, 03:30 PM
Mike Ramirez
Junior Member
 
Join Date: May 2007
Posts: 2
Cost to become DSS compliant for level 4 merchant?

All,

I am trying to help my business become compliant (small merchant), and have no idea how much this is going to cost. I am guessing I will need some new hardware and consultant time. Has anyone gone through this? If so, how much did it cost? I hope it isn't too difficult!

Thanks,

Mike
  #2  
05-31-2007, 04:27 PM
mdahn
Administrator
 
Join Date: Mar 2007
Location: San Francisco, CA (USA)
Posts: 155

I wish I had a better answer for you, but it really depends on the size and complexity of your company. If you have only one office and one connection to the Internet it may be simple, but if you have 10-50+ retail locations then it would be more complex.

I would start by reviewing the Self-Assessment Questionnaire on the PCI SSC website and trying to get a ballpark figure of how much work you will need to do.

We are here to help, but as with many things "it depends". You could have to do no more than install a firewall and write some policies, or you could have to do much more work.

In either regard, I would contact your processor/acquirer/ISO/gateway (whoever you send your transactions to) and ask them for guidance. Also, ask them what they expect from you to "validate" you are compliant.
  #3  
05-31-2007, 04:43 PM
Mike Ramirez
Junior Member
 
Join Date: May 2007
Posts: 2

Thanks so much! I only have one location, what do you think the ballpark cost would be? I was hoping not more than a few thousand, I just really have no idea at all and the other merchants I have spoken with haven't even bothered to try to comply yet!
  #4  
05-31-2007, 10:52 PM
mdahn
Administrator
 
Join Date: Mar 2007
Location: San Francisco, CA (USA)
Posts: 155

If you have one location and use an integrated point of sale system, then your highest risk lies in your (1) Internet connectivity and remote access, and (2) the type/version of your POS.

If you are estimating a few thousand dollars I would say that is right, assuming you have no internal IT staff. If you have an IT person already and a firewall, then I can imagine your compliance costs would be very low and less than you expect.

The key point you need to take into account is if your POS system stores track data or unencrypted credit card data. Check out the list of validated payment applications and see if yours is on there.

Also, stay up to date on the Visa alerts and bulletins.
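The check mdahn points to in the post above, whether the POS stores track data or unencrypted card numbers, can be started by scanning the POS host's logs, database exports and temp files for magnetic-stripe records and bare PANs. The script below is an added example written for this page, not code from the thread or from any PCI SSC or vendor tool; the track layouts follow the ISO/IEC 7813 format, the regexes and the truncation style are the editor's choices, and the sample log lines are constructed for illustration (the card numbers in them are the usual publicly known test numbers).

```python
"""Scan text (a POS log, a database dump, a temp file) for stored track data
and unencrypted PANs. Added example; the sample log below is constructed."""
import re
from typing import Dict, List

# Track 2 record: ;PAN=YYMM SSS discretionary?  (ISO/IEC 7813 layout)
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{4})(\d{3})\d*\?")
# Track 1 record: %B PAN ^ NAME ^ YYMM SSS discretionary ?
TRACK1_RE = re.compile(r"%B(\d{13,19})\^[^^]{2,26}\^(\d{4})(\d{3})[^?]*\?")
# A bare 13-19 digit run, optionally split by single spaces or hyphens,
# and not part of a longer digit run (so long numeric IDs are ignored).
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed POS log; the card numbers are standard test numbers.
SAMPLE_LOG = """\
2007-05-31 14:02:11 sale approved amt=42.17 ref=000123
2007-05-31 14:02:11 trk2=;4111111111111111=2512101123456789?
2007-05-31 14:05:40 sale approved amt=9.99 ref=000124 pan=5555555555554444
2007-05-31 14:07:02 order 1234567890123 shipped
2007-05-31 14:09:55 trk1=%B378282246310005^DOE/JOHN^2512101000000000?
"""


def luhn_valid(pan: str) -> bool:
    """True if the digit string passes the Luhn (mod 10) check."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the first six and last four digits, the usual truncated display."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_text(text: str) -> List[Dict[str, object]]:
    """One finding per track-1/track-2 record or Luhn-valid bare PAN.

    Track records are reported even if their PAN fails Luhn (the record
    shape alone is the problem); bare digit runs must pass Luhn to cut
    false positives from order numbers and timestamps.
    """
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        remaining = line
        for kind, rx in (("track1", TRACK1_RE), ("track2", TRACK2_RE)):
            for m in rx.finditer(remaining):
                pan = m.group(1)
                findings.append({"line": lineno, "kind": kind,
                                 "pan": mask_pan(pan), "luhn": luhn_valid(pan),
                                 "expiry": m.group(2), "service_code": m.group(3)})
            # Blank the whole record so its expiry/discretionary digits are
            # not reported a second time as a bare PAN.
            remaining = rx.sub(" ", remaining)
        for m in PAN_RE.finditer(remaining):
            pan = re.sub(r"[ -]", "", m.group(0))
            if luhn_valid(pan):
                findings.append({"line": lineno, "kind": "pan",
                                 "pan": mask_pan(pan), "luhn": True})
    return findings


if __name__ == "__main__":
    for f in scan_text(SAMPLE_LOG):
        print(f)
```

Run it against real files only with read-only access, and never write the full PAN into the scanner's own output (the masking above is what keeps the report from becoming a new copy of cardholder data). Any hit on track 1 or track 2 means the POS is retaining data that may never be stored after authorization, regardless of encryption, which is exactly the point to take to the processor or vendor.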



Copyright (c) The Aegenis Group, Inc.