Hello RAMP users,
How has RAMP affected your PCI compliance status? I'm going to assume that you all process through window, mail, phone and Internet sales. It looks to me that because of all the different MOSs we have to use the SAQ D. Is this the questionnaire you are using?
Gloria
Hi Gloria, It's probably different here in the UK, but we are a RAMP client and are filling in SAQ D just like you. We've not been able to achieve compliance yet, but I think once we upgrade to version 12.5 the tokenisation facility will make things a lot easier.
I thought that the RAMP environment would put the whole transaction process out of scope, but it appears not.
We have an extra problem because our IT is supported by an external company who are not very pro-active and, frankly, not very helpful. So getting information like firewall settings and pen test results can be a bit like pulling teeth!
Hope you are having an easier time. It's not the most stimulating of tasks.
Debbie
Hi Gloria,
With only card-not-present transactions (no card swiping), I think RAMP might qualify for SAQ C ("Merchants with PAS Connected to the Internet - No Electronic Cardholder Data Storage").
I hoped RAMP might qualify for SAQ C-VT, but not being a web application and having more than one terminal, probably not for us.
Hope your process went well,
Cam