Differences
This shows you the differences between two versions of the page.
primer:security [2017/01/05 17:32] – [What Are Your Compliance Requirements?] foxybrett | primer:security [2020/10/09 20:36] (current) – [One of my customers reported their card was stolen!] foxybrett | ||
---|---|---|---|
Line 81: | Line 81: | ||
We've outsourced our card handling to FoxyCart, which is a Level 1 PCI Compliant Service Provider listed on both Visa and MasterCard' | We've outsourced our card handling to FoxyCart, which is a Level 1 PCI Compliant Service Provider listed on both Visa and MasterCard' | ||
- | http://static.www.foxycart.com/FoxyCart_Attestation_of_PCI_Compliance.20150406.pdf | + | https://wiki.foxycart.com/ |
+ | http://www.visa.com/splisting/ | ||
+ | http://www.mastercard.com/ | ||
Do you still require that we provide proof of our own compliance? If so, do you have your own tool that we should use, or will providing the SAQ A be sufficient?</ | Do you still require that we provide proof of our own compliance? If so, do you have your own tool that we should use, or will providing the SAQ A be sufficient?</ | ||
- | - If they respond that they have their own tool, you should be able to fill that out. Otherwise, complete and send to them the PCI SAQ A, [[https:// | + | - If they respond that they have their own tool, you should be able to fill that out. Otherwise, complete and send to them the PCI SAQ A. (Get the latest version from [[https:// |
- | - If they respond that you must be compliant at a higher level (SAQ-C or SAQ-D), or that they need proof of a passing security scan, or something else, please let us know. | + | - If they respond that you must be compliant at a higher level, or that they need proof of a passing security scan, or something else, please let us know. |
===== One of my customers reported their card was stolen! ===== | ===== One of my customers reported their card was stolen! ===== | ||
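Review bot: The two added listing links ("http://www.visa.com/splisting/" and "http://www.mastercard.com/") use plain http, while the replacement attestation link on the line above them uses https. Merchants are meant to paste this text into a message to their processor, so use https for all three links if the sites serve it. Separately, the last changed bullet drops "(SAQ-C or SAQ-D)", so "a higher level" no longer tells the merchant what wording to look for in the processor's reply. Consider keeping the examples, or naming the SAQ types some other way.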
Line 94: | Line 96: | ||
FoxyCart goes through extensive security reviews and audits constantly. We have intrusion prevention and detection. We monitor the logs. We're proactive about security. We handle millions of transactions for thousands of merchants all over the world. We receive only one or two reports of a compromised card each year. | FoxyCart goes through extensive security reviews and audits constantly. We have intrusion prevention and detection. We monitor the logs. We're proactive about security. We handle millions of transactions for thousands of merchants all over the world. We receive only one or two reports of a compromised card each year. | ||
- | Though it's certainly possible we have a security breach on our end, it's far more likely that their computer is compromised. The customer should wipe their computer, and/or toss it and get a new one. | + | Though it's certainly possible we have a security breach on our end, it's far more likely that your customer' |
- | Where FoxyCart has numerous safeguards in place, | + | Where FoxyCart has numerous safeguards in place, |
- | If this has happened to you or your customer and you'd like to loop us in to discussions, | + | If this has happened to you or your customer and you'd like to loop us in to discussions, |
===== Bad Ideas: Email and Sensitive Information ===== | ===== Bad Ideas: Email and Sensitive Information ===== |
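Review bot: The unchanged context line "We receive only one or two reports of a compromised card each year" carries no as-of date. It appears identically in the 2017 and 2020 revisions, so a reader cannot tell when the figure was last checked. Since this edit already touches the paragraph, consider adding a time frame or rewording it so that it does not read as a current statistic. Also, the rewritten sentence replaces the earlier concrete advice ("wipe their computer, and/or toss it and get a new one"). Please confirm that the new text still gives the customer a concrete next step.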