Thread: Protx PCI Audit

Hi - can anyone who uses Protx on a site please explain to me the PCI Audit process, costs, how long it takes etc. The site I am building is for a small business so comes under level 4, but I am not sure what this means.

I don't want to store card details in my database, but just pass them on to Protx for processing, so is an audit still required?

Thanks

You dont need an audit, thats why you are paying protx to process your payments....you dont need to store card details !

Mike is mostly right You need to perform a self audit, as described by the VISA Level 4 PCI instructions, which also probably includes scanning your system/host/servers for PCI compliance also.

Mmm, I use PowerDNN to host, so do I need to get them scanned? It all sounds a bit odd when using a managed host environment. I can understand the need if I hosted it on my own infrastructure, but not when I use a hosting company. As PowerDNN and aspdnsf are partners, can you advise if this PCI issue applies?

Thanks

Yes, PowerDNN can "help" by providing a solid environment that they "expect" will pass PCI scans (and obviously, any good host will do that now), but the actual certification still falls on the merchant (you), and we partner with ControlScan (see our MarketPlace) if you need to have them do the scanning (or choose any other PCI scanning product).