Results 1 to 9 of 9
  1. #1
    Full Member Lanny's Avatar
    Join Date
    April 7th, 2010
    Location
    Deep South
    Posts
    330
    Networks require Advertisers to be PCI compliant?
    Yesterday, in the afternoon (E.S.T.), on Fox News Channel, I saw an interview with a man from McAfee. The security man said that only 20% of ecommerce web sites are PCI compliant.

    Question: Do LS, CJ and SAS require their advertisers to be PCI compliant?

  2. #2
    OPM and Moderator Chuck Hamrick's Avatar
    Join Date
    April 5th, 2005
    Location
    Park City Utah
    Posts
    16,646
    Not that I am aware of. I did have a merchant who was looking at retargeting and it had to pass PCI compliance. To tell you the truth I am not familiar with PCI compliance, do you have further details?

  3. #3
    Full Member
    Join Date
    November 21st, 2010
    Posts
    230
    I don't know, but they shouldn't as it's really not for them to enforce. If you a company is retaining cardholder data, it's simply obligated to be PCI complaint to its respective level and it's up to its merchant bank (if anyone) to enforce it. But even if the bank does nothing and the company gets caught, fines can still be levied.

    so if you aren't PCI compliant now, you may want to check your agreement with your bank because I doubt the bank will eat the fines (which could be upwards of $100,000)

  4. #4
    Full Member Lanny's Avatar
    Join Date
    April 7th, 2010
    Location
    Deep South
    Posts
    330
    If they have confidential data, they need to comply
    I believe many of the smaller merchants outsource their credit card processing to third parties and that those merchants do not have credit card numbers, or, other confidential data, on their servers.

    Probably any company that does have credit card numbers, etc., on their servers, needs to be PCI compliant.

    Sounds like the networks (LS, CJ, SAS, etc.) do not require PCI compliance.

    Thanks for the feedback!

    @Chuck - I am not sure what the PCI requirements are, however, I believe they are very tough.
    Last edited by Lanny; November 27th, 2011 at 07:00 AM. Reason: @Chuck not sure of the PCI requirements

  5. #5
    Full Member
    Join Date
    November 21st, 2010
    Posts
    230
    Yes, using something like PayPal to handle your billing definitely takes a lot of pressure and the onus off of a merchant.

  6. #6
    Newbie
    Join Date
    November 27th, 2011
    Location
    England
    Posts
    6
    Cool
    There seems to be more and more regulation creeping in to the Internet Marketing Industry. I hope that the PCI law works in the way it's supposed to. Without being to interfering.

    You can read more about the new PCI rules here

  7. #7
    Member
    Join Date
    February 5th, 2009
    Posts
    141
    Yes, in order to keep a merchant account with a major bank, you must be PCI compliant. Most merchant banks require that your server is scanned periodically to ensure compliance. It's actually a pain in the neck because as often as not the "issues" are either administrative (you have not done your annual "self assessment"), or - worse yet - they find you out of compliance because of a bug in their testing. I just passed for the 2nd quarter in a row without having to update anything; and I am breathing a sigh of relief.

    Unfortunately, the banks are all so large that by the time something gets implemented in software, the chances that it addresses what it should, in the proper way, are greatly reduced. I continue to marvel at the antiquated and poorly thought out systems they have in place to handle chargebacks.

    PayPal is not a great solution for merchants. Because it handles everything, and gives you less information (they tell you if there is an address mismatch, but not whether it's the "street" portion or the zip code), you have a greater chance of a lost package due to a typo, or a reversal by PayPal after the fact. I accept credit cards, but not PayPal, for that reason. Although your merchant bank can reverse the transaction (and does if it is challenged by the customer), you can usually get the money restored when you provide transaction documentation. I shudder to think what happens with PayPal; I haven't heard anything reassuring about that ...

    There is no way for the networks to know whether you are PCI Compliant, plus it is common to be out of compliance for short periods (from when you are notified of a missing software upgrade to the time you can apply it). They can't even know if your servers are being tested. If you, as an affiliate, are concerned about sending your site visitors to non-compliant (or non-tested) merchant systems, I'd stick to major companies, and even there compliance does not mean total security. It is the large companies whose systems are targeted, and which are most likely to "lose" credit card information. However, small companies, fi they are with merchant account resellers who are not careful (and there are probably many of those), may be totally irresponsible about protecting credit card information. Too many little companies buy a store/cart system and install it on their own servers, with little or no understanding of security. They don't want to hire anyone to ensure that they aren't at risk, but doing it right is not something you can learn overnight.

    I guess that was a rant. Sorry.
    ---
    Valerie Magee
    [URL=http://mageenet.net]MageeNET[/URL]

  8. Thanks From:

  9. #8
    Newbie
    Join Date
    November 27th, 2011
    Location
    England
    Posts
    6
    Cool
    In other words Valerie. We are well and truly screwed
    Last edited by paulas; November 28th, 2011 at 09:07 AM. Reason: Used the wrong name

  10. #9
    Full Member Lanny's Avatar
    Join Date
    April 7th, 2010
    Location
    Deep South
    Posts
    330
    @Shuvee (Valerie) Thank you for all of the data you provided. Interesting! I am aware that there are issues for Merchants who accept PayPal payments. My #1 Merchant does accept PayPal and that is a big plus for me. I keep hoping that my #2 Merchant will begin accepting paypal. Hopefully, during 2012! Lanny

  11. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. starting a program: do all networks require a large deposit?
    By djc225 in forum Starting an Affiliate Program & Merchant Q&A
    Replies: 8
    Last Post: May 8th, 2012, 03:13 PM
  2. Do CPA advertisers have to log into multiple networks?
    By eSilverBullet in forum Midnight Cafe'
    Replies: 0
    Last Post: October 25th, 2010, 04:00 PM
  3. Advertisers and Networks - Frustrating
    By adFinityJoe in forum Midnight Cafe'
    Replies: 26
    Last Post: May 17th, 2007, 05:49 PM
  4. Replies: 8
    Last Post: April 14th, 2007, 01:42 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •