
PCI compliance

Cy2019
Newbie
Posts: 1
Registered: 11-09-2019

PCI compliance

Hello there, I have been asked by my merchant services provider for a screen grab of an email from Plusnet, outlining how my router is up to date with all possible firmware etc. updates. Spent too long on the phone today with Plusnet requesting the same info but getting slightly mixed messages from the numerous helpful folks I was put through to. I am being sent a new router but want to tidy this issue sharpish!!!

Please advise?

Yours Cyrus

Gandalf
Community Gaffer
Posts: 26,577
Thanks: 10,298
Fixes: 1,600
Registered: 21-04-2017

Re: PCI compliance

Hi @Cy2019 thanks for getting in touch with us. We've now pushed the latest and most recent firmware to your router which should hopefully resolve this. Could you let us know how it goes once you've had a chance to test?

From 31st October 2022, I no longer have a regular presence here as I’ve moved on to a new role.
Anoush Mortazavi
Plusnet
Townman
Superuser
Posts: 23,052
Thanks: 9,642
Fixes: 160
Registered: 22-08-2007

Re: PCI compliance

@Gandalf 

Is it possible to provide a Plusnet statement on PCI-DSS compliance in respect of Plusnet supplied routers please?

From my own experience this is a minefield. Though I have not touched PCI-DSS compliance standards since 2012, IIRC logical networks transmitting PAN and other PCI data must be separate from networks used for other purposes such as in-house networking. To me that implies the ability to support multiple VLANs.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Gandalf
Community Gaffer
Posts: 26,577
Thanks: 10,298
Fixes: 1,600
Registered: 21-04-2017

Re: PCI compliance

@Townman Sorry for the delay, I've taken the time to go away and discuss this with @bobpullen 

So this is very much in the domain of the local network, and whilst our routers don't support multiple configurable VLANs, and we don't advertise them as being PCI-DSS compliant, they should be sufficient for running a basic PDQ merchant system. The test that fails for the Hub Zero isn't particularly high risk, which is why the vendors tend to make an exception.

However if a company is storing sensitive payment information on their own network, it'd be a good idea for them to invest in enterprise-grade hardware/networking equipment.

I hope this helps.

Townman
Superuser
Posts: 23,052
Thanks: 9,642
Fixes: 160
Registered: 22-08-2007

Re: PCI compliance

@Gandalf 

Thank you for confirming what I suspected.

In my experience "should be sufficient" does not "cut it" in PCI-DSS compliance audits. I agree with your sentiments that if a business user wants to run their PDQ over an internet connection (as opposed to PSTN or G3/G4) then the basic router is unlikely to "cut the mustard". Of more particular relevance is that the WiFi environment is likely to be an even greater challenge.

https://www.ukbusinessforums.co.uk/threads/wifi-card-terminal-you-are-not-pci-dss-compliant.371236/

Users would be best advised to seek professional advice on ensuring that their installation is indeed compliant.
