[email protected] wrote:Please check this email: Now I am confused what to do because they gonna hold my pay pal account. which we are using for at least 10 sites.
Dear Customer,
Thanks for letting us know that your business is PCI compliant, that's great news. All we need now is for you to send us your PCI certification for our records. It's very straight forward, just follow these steps:
• Click the button below
• Fill in the online form with your business details
• Upload a copy of your PCI certificate
Please note that the certification you provide must have been carried out by a PCI Qualified Security Assessor (QSA) who is certified by the PCI Security Standards Council to carry out compliance assessments. So that's it, once we have your certification, we can update our records and it's back to business as usual. Why not get it out of the way now?
If you have any questions, you can log in to your PayPal account and click 'Contact us' for personalised information on how best to get in touch with your PayPal team.
Yours sincerely,
PayPal
Hi,
That is a standard letter, i had one from Barclays.
Basically the PCI Qualified Security Assessor will run a seris of Security tests againts your servers websites security, ie firewall, anti-virus to make sure your website is secure, once you have passed, the QSA will issue a certificate to that effect.
I dont know who you bank with in the UK but Barclays refered me to a company called Security Metrics who charge £11.99.
I would go and talk to your bank.
note: i have a merchant account with paypal and i use them to process payments, ie the customer goes from my site to make payment with paypal, therefore no credit card details are stored on my db, no PCI Compliance required.
HTH