Hi,
There is a discussion taking place between some of the UK venues at the moment regarding PCI-DSS and the possibility of de-scoping all card transactions or effectively outsourcing the PCI compliance issues. We know that TNS now offer a Hosted Payment - Form model which requires both the TNSPay WebService API and the TNSPay Gateway's Hosted Payment, and we were wondering how far Next Gen had gone in considering the new services and developments from payment providers, which may make PCI compliance cheaper, safer and less hassle.
Thanks,
Rob
Will be very interesting to see how this develops... Like the ROH, we want to explore ways that we can de-scope as much of our infrastructure from PCI as possible. The additional cost and complexity this has already introduced is a serious burden on the IT Department and I can’t see this getting any easier over the next few years. Just the sheer number of additional systems we now have to monitor (File Integrity Monitoring, IDP/IDS, Log Management, Wireless IPS, etc.) together with the additional procedures we now have to follow make this an increasingly large part of the day-to-day work of the IT Department. As a tier 3 merchant, at least we are able to avoid the added burden of an annual third party audit – however I’m not convinced the threshold for this won’t be reduced over the next few years. Anything that we can do to de-risk as much of our payment infrastructure as possible and therefore remove the PCI overhead will be very welcome.