Software for Party Rentals, Events, and Services
 
New Topic
SupportTopicQuestionUncategorized

PCI Compliance

Casey Z. shared this question 2 months ago
Awaiting Reply

Two questions here:

This one has been requested in the past. Can you guys put dates on your knowledge-base articles? I am trying to do my PCI compliance for Global Payments, so I look for information on how to do it. I find this article on your site, but it does not match the process I am running into. In general, it would save time if we could see that an article is 3 years old. https://rental.software/support/knowledge-base/article/pci-compliance


Can you help me figure out what to do with this? I can click on "Review Now", but I have no idea what any of it means.

4ef3ec2f2751c164a631fcb7d74cbf2e

1 The same question

Comments (2)

photo
1
Susan M. 2 months ago

You will have to review these scan results and answer each according to this:

The scan results will need manual intervention to resolve:

- mark related hosts to no

- in special requests mark all as 'securely implemented'

- in the vulnerabilities, filter by pci compliant No, and mark as false positive with reason: security patches are applied nightly

Anything that doesn't match with these instructions let us know what "options" it gives you

Reply
photo
1
Casey Z. 2 months ago

Thanks. The process is very similar to the instructions in the article. I just wasn't quite connecting the dots.

Now that I have done those three things, is that it? Do I just wait?

photo
1
Susan M. 2 months ago

Yes, It may have you rescan after this but you should be good

photo
1
Casey Z. 2 months ago

This is the response I received for all 3 of the "Vulnerabilities". I can't open or download that doc. It says "Access forbidden". This is what that link points to:

https://pciassure.gpndi.com/sms/webapi/v2/scans/3990853/vulnerabilities/112841527/downloadFalsePositiveDocument


654b7b1d42524abd526098c556731bf6

photo
1
Lance S. 2 months ago

Casey, we are having the same issue with ours!

photo
1
Lance S. 2 months ago

How do we resolve these issues without really having access to IO, I'm a little green to this: bf324c13bac6d6f6bc1daeee91dabbf8

photo
1
Susan M. 58 days ago

If you can't download the documents sent over you will want to complain to them about this.

The websites we build and host are secure, but our clients have some freedom to change things so it's possible they've made their site less secure or if they are hosting it elsewhere it may have different vulnerabilities.

(we host Casey's site but not Lance's)

If after disputing and such they continue to get declined and we are the host, they can send us the details (such as that document) and w can review it.

photo
photo
1
Joel A. 58 days ago

Casey, since we are hosting your website we can help you address the 'denied disputes'.

you'll need to ask them for the document if you can't access it. Once they give you proper access to it you can send it to me and i'll review.

Reply
Leave a Comment
 
Attach a file
Powered by: UseResponse - Ideas Management Software