cancel
Showing results for 
Search instead for 
Did you mean: 

PCI compliance

Highlighted
Cy2019
Newbie
Posts: 1
Registered: 2 weeks ago

PCI compliance

Hello there I have been asked by my merchant services provider for a screen grab of an email from Plusnet, outlining how my router is up date with all possible firm ware etc up dates. Spent two long on phone today with Plusnet requesting the same info but getting slightly mixed messages from the numerous helpful folks I was put through to. I am being sent a new router but want to tidy this issue sharpish!!!

 

Please advise?

Yours Cyrus

4 REPLIES 4
Plusnet Help Team
Plusnet Help Team
Posts: 13,888
Thanks: 4,308
Fixes: 690
Registered: ‎21-04-2017

Re: PCI compliance

Hi @Cy2019 thanks for getting in touch with us. We've now pushed the latest and most recent firmware to your router which should hopefully resolve this. Could you let us know how it goes once you've had a chance to test?

If this post resolved your issue please click the 'This fixed my problem' button
 Anoush Mortazavi
 Plusnet Help Team
Superuser
Superuser
Posts: 14,519
Thanks: 5,522
Fixes: 31
Registered: ‎22-08-2007

Re: PCI compliance

@Gandalf 

Is it possible to provide a Plusnet statement on PCI-DSS compliance in respect of Plusnet supplied routers please?

From my own experience this is a minefield.  Though I have not touched PCI-DSS compliance standards since 2012, IIRC logical networks transmitting PAN and other PCI data must be separate from networks used for other purposes such as in house networking.  To me that implies the ability to support multiple VLANS.

Plusnet Help Team
Plusnet Help Team
Posts: 13,888
Thanks: 4,308
Fixes: 690
Registered: ‎21-04-2017

Re: PCI compliance

@Townman Sorry for the delay, I've taken the time to go away and discuss this with @bobpullen 

So this is very much in the domain of the local network, and whilst our routers don't support multiple configurable VLANs, and we don't advertise them as being PCI-DSS compliant, they should be sufficient for running a basic PDQ merchant system. The tests that fails for the Hub Zero isn't particularly high risk, which is why the vendors tend to make an exception.

However if a company is storing sensitive payment information on their own network, it'd be a good idea for them to invest in enterprise-grade hardware/networking equipment.

I hope this helps.

If this post resolved your issue please click the 'This fixed my problem' button
 Anoush Mortazavi
 Plusnet Help Team
Superuser
Superuser
Posts: 14,519
Thanks: 5,522
Fixes: 31
Registered: ‎22-08-2007

Re: PCI compliance

@Gandalf 

Thank you for confirming what I suspected.

In my experience "should be sufficient" does not "cut it" in PCI-DSS compliance audits.  I agree with your sentiments that if a business user wants to run their PDQ over an internet connection (as opposed to PTSN or G3/G4) then the basic router is unlikely to "cut the mustard".  Of more particular relevance is that the WiFi environment is likely to be an even greater challenge.

https://www.ukbusinessforums.co.uk/threads/wifi-card-terminal-you-are-not-pci-dss-compliant.371236/

Users would be best advised to seek professional advice on ensuring that their installation is indeed compliant.