perpetual payments NOW Cash Flows payment gateway

easyhostmedia

Hi

I would like to mention that I have been using Cash flows for many years as a payment processor for my hosting business without any issue.

Now 2 weeks ago we received an email from them to say that we need to be PCI compliant to use their services and we need to provide a PCI compliant cert to them by 1st May 2012, which is fair enough, but then they added that if we do not then they will automatically enrol us into their PCI scheme and invoice us £99 for an annual payment which will need to be paid within 7 days of receipt.

I am sure this is an illegal act and we don't need to pay any invoice as we never asked to sign up to their PCI scheme, so have no contract to pay any such invoice.
 
I am not clear on something. If you don't present the certificate of PCI compliance, they would certify you just by charging you a certification fee? What about the actual compliance and verification processes?
 

No idea. The 2 emails I received are below.

From: CashFlows Support
Sent: Monday, April 02, 2012 11:01 AM
To:
Subject: Reminder: Becoming PCI DSS Compliant




Reminder: Becoming PCI DSS Compliant
Dear ,

To improve security and cut fraud the card schemes created a set of Payment Card Industry Data Security Standards (PCI DSS) informing merchants and the payment industry how to securely store, process or transmit card data.

As a merchant you are required to adhere to the PCI DSS. Non compliance will result in you being responsible for any losses through fraud, and be subject to considerable fines from the card schemes.

To become compliant to the PCI DSS each of your business' profiles must obtain a certificate of compliance from a Qualified Security Assessor (QSA). If you cannot provide a certificate of compliance by 1st May 2012 we will automatically enrol you in the CashFlows Compliance Programme and you will be expected to attain compliance within 30-90 days.

The CashFlows Compliance Programme in partnership with SecurityMetrics, a Qualified Security Assessor helps you to complete your Self Assessment Questionnaire and validate your business, highlighting any additional steps you need to take to remediate non-compliance.

The CashFlows Compliance Programme costs £99 per profile, billable in advance on 1st May annually, starting 1st May 2012.

If your business is already compliant or you wish to use your own QSA, please send your valid certificate of compliance to pci@cashflows.com. Upon receiving your certificate of compliance we will exclude you from the CashFlows Compliance Programme.

CashFlows take PCI DSS Compliance very seriously and it is essential that you attain compliance as a priority.

For further information about PCI DSS and the CashFlows Compliance Programme, please visit: http://www.cashflows.com/pcidss

If you have any further queries regarding these changes, please feel free to contact customer services by emailing us at support@cashflows.com or calling +44 (0)1223 550920.
Our office opening hours are: Monday to Friday: 09:00 to 17:00 (UK)

Yours sincerely,
Customer Support
CashFlows
http://www.cashflows.com/support

Dear Terry,

Thank you for your email.

Apologies if the email you received regarding this was not clear.

As a merchant acquirer it is our responsibility to ensure that all of our merchants are PCI compliant whether they are using our Virtual Terminal, Our hosted Payment Page, API or a secure gateway. This is in accordance with the PCI DSS regulation that has been enforced from the card schemes.

Our first email, sent on 01/03/12, gave 60 days' notice for merchants to decide if they would prefer to use the CashFlows solution or to use an independent QSA. We expect customers to achieve compliance within 60-90 days. Overall this is a total of 5 months.

You do not need to use the CashFlows solution for a charge of £99 per annum, you can use an independent QSA who will help you acquire PCI compliance which may come at a smaller fee depending on the complexity of your business model. I have provided a link below of independent QSAs. Please note that we cannot accept a Self Assessment Questionnaire as we are not a Qualified Security Assessor (QSA).

https://www.pcisecuritystandards.org/approved_companies_providers/index.php

Any merchants who do not contact us by the 1st of May either with a PCI certificate stating that they are compliant or to let us know that they are using another solution will be automatically enrolled on the CashFlows solution to ensure that they have a solution to PCI compliance in accordance with the Card Scheme regulations.

I hope that this has been helpful; however, for any other questions please do not hesitate to contact us here at PCI support on PCI@cashflows.com.



To update your Case, simply reply to this email or use our Online Case Facility

For further help and advice, please visit our support site, where you will find our latest FAQs, Service News and our PDF guides.

Yours sincerely,
Customer Support
CashFlows
Email: support@cashflows.com
Web: http://www.cashflows.com/support

So basically on 1st May, if you like it or not, if you don't provide a PCI cert, CashFlows will sign you up to their programme and invoice you in advance for £99.
 
Hmm.. I wonder if "Self Assessment Questionnaire" is flawed as a concept. If all you do is answer a few questions, follow a guide to make sure you have proper compliance, how is this verified?
 

Also, basically I was under the impression PCI compliance is only needed if you as a merchant handle the CC/DC details or store these.

But apparently now even if you use a payment gateway (paypal, authorise.net etc) you need to be PCI compliant.
 