I just recently received this message. Does anyone have the similar circumstance? If this is the target from Card Processing Service to increase profit at the cost of this Rule then nopCommerce user could suffer mass of consequences for not have this certification.
"These PCI security requirements have been phased in over time and now apply to ALL merchants that accept Visa, MasterCard and other payment cards."
See Below for full message.
---------------------------------------
subject IMPORTANT NOTICE [ACTION REQUIRED]
mailed-by securitymetrics.com
Thank you for choosing Card Processing Service for your Visa, MasterCard and other networks payment processing needs. Please keep reading for essential data security information about your account.
If you are concerned with the validity of this email, please call us at THE CUSTOMER SERVICE NUMBER LOCATED ON YOUR MERCHANT STATEMENT to validate this notice.
Why am I getting this e-mail?
We are the processor for your Visa, MasterCard and other payment card transactions. We are sending you this email to alert you to urgent actions you are required to take to help combat cardholder fraud and identity theft. THESE ACTIONS ARE REQUIRED BY VISA, MASTERCARD AND THE OTHER PAYMENT CARD NETWORKS.
Data Security Standards Background
In 2005, the payment card networks established a common set of industry requirements designed to help with the safe handling of sensitive payment card account information. These requirements are known as the Payment Card Industry (PCI) Data Security Standard. These PCI security requirements have been phased in over time and now apply to ALL merchants that accept Visa, MasterCard and other payment cards.
More information about this security standard is available online at: www.pcisecuritystandards.org
www.visa.com/cisp
www.mastercard.com/sdp
What do I need to do?
IF YOU ARE NOT PCI COMPLIANT, IT IS URGENT THAT YOU BECOME PCI COMPLIANT WITHOUT DELAY. To help you to achieve PCI compliance, Card Processing Service has arranged for SecurityMetrics, a certified security assessor for Visa, MasterCard, American Express and Discover Card, to provide you with their "Site Certification" service. There is NO additional cost to you for this service. The fee for the SecurityMetrics Site Certification PCI services is covered by your Annual Compliance Service Fee. You can contact SecurityMetrics at 800-557-4684. You may also contact them online at: www.securitymetrics.com.
When do I need to do this?
You are requested to resolve this by December 18, 2010, so please ACT NOW to avoid the monthly Non-Receipt of PCI Validation Fee.
What if I fail to become PCI Compliant?
The Card Associations are very serious about data security. Security breaches have affected merchants of all sizes. If you are compromised, the Association fines can range up to $500,000 per Association. These fines are in addition to other liabilities you may face in connection with the security breach.
Your participation in this program is essential in allowing us to help you be protected against any unwanted security breaches. We appreciate your time and assistance.
Sincerely,
Card Processing Service
-----------------------------------------------------------------------