PCI Compliance/Credit Card Processing

I am new to the PMQ so please forgive if I overstep any rules or offend anyone; that is certainly not my intent. There has been much news lately about PCI Compliance and the unfortunate breaches on server networks. The latest to fall against hackers is Heartland Payments. Last week a class action lawsuit was filed against Heartland. It is far too early to tell exactly what transpired and if Heartland was truly PCI Compliant. As I understand it, the breach was on the older legacy system which most likely was not PCI Compliant. The simple fact is that Heartland’s own internal IT folks didn’t catch the breach and that, my friends, is a huge problem for Heartland. What does this mean to you? This is a wake-up call for anyone who may be using non-compliant software to process credit cards. There are still some legacy DOS-based systems out there being used. If hackers can breach a high level processing platform, hacking into a small restaurant system is a walk in the park. The fines that are levied on the likes of Card Systems, TJ Maxx, RBS WorldPay, and now Heartland may destroy these companies (Card Systems went under after its breach). Imagine what the potential fines would do to a small pizza owner. Be safe always, and always be compliant.

Contact me for more PCI Compliance Info

Blatant ads are not welcome here. Rather than ask people to contact you, respond to posts that you have expertise to offer. Fill out your profile. PMQ is a commercial enterprise and offers advertising space for a fee. The TT is for non-commercial discussion, though vendors are welcome.

Sorry to offend, however, I am not selling anything. PCI Compliance is a complex animal and I only offer information at no charge to anyone. As I said in the post, I am new to this site, and I thought I already signed up, but will go back to review my misstep. Thanks for the info Charles.

Sorry if it sounded like I was jumping you. I am not a mod or anything. Just trying to ease a new member in. What is your business?

No offense was taken, glad to have someone watching out! My business is hardware/software, leasing, ATM’s, Credit Card Processing and dishwasher (only at home though)!

Hi
I have been researching opening for a while now and now with the Heartland data breach, I am getting very nervous about my credit card security. The more research I do, the more confused I get. I understand that I need a PCI Compliant POS and CC processor. There are so many other things to address, I am curious to see who is doing what to protect their business from PCI and data breaches. I am looking at getting a company to help me with security and maintaining my PCI needs.

Anyone have any experience with this? All I have seen are things that will cost me like 20K?

Thanks,

Tony
pizzatonytx@hotmail.com

PCI Compliance is very confusing, even for those of us in the business, and the PCI Board has even changed the requirement guidelines several times. To view the current (and hopefully final) requirements go to www.pcicomplianceguide.org. Every business, regardless of the number of credit cards taken MUST complete the PCI Questionnaire. The Questionnaire is divided into 4 groups, based on the way you take credit cards. Go to the link above and click on “Important Links”, scroll down until you see the link for Self Assessment Questionnaire, you will need to determine which category your business will fall into.
The following link will give you the most current list of PCI Compliant payment software: http://usa.visa.com/download/merchants/ … ations.pdf. As long as you are using compliant software to process your credit cards, that eliminates one of your risks. The next step is to make certain that internally you are not storing any customers’ credit card information for any reason…this is strictly a no-no. This is just temptation for your employees. If you are processing credit cards via the internet through a POS System you have to have quarterly scans done by an approved vendor (find them on PCI website); pricing for this varies but should be approximately $100.00 yearly. If you are using a stand-alone terminal to process your credit cards you must be using a PCI Compliant terminal.

If you’re going to be at Pizza Expo, check out the credit card security & PCI seminar: http://www.speedlinesolutions.com/PizzaExpoSeminar

I asked our PCI auditor, Coalfire Systems, to put on this seminar at Pizza Expo. We were a little too late to get it on the regular Expo seminar agenda, so we added it to the end of our customer training event at the show.

Wednesday, March 11th, at 9 AM
Room N262 in the Las Vegas Convention Center

Hey Charles! Is this solicitor on solicitor action? Kinda like girl & girl?
I agree with you…what do you think mod?

Boys will be Boys…anyhoo…I’m not certain which post you thought was soliciting business, so if it was my post, it couldn’t be further from the truth. PCI Compliance is not what my company does. I wanted to let everyone know that PCI Compliance is real and merchants have to comply. I simply relayed the information of where you could find it, and how to make sure you are compliant. Our company must also be PCI Compliant per the regulations.

Benjamin Franklin
We must indeed all hang together, or, most assuredly, we shall all hang separately.

Sorry honey, not a boy. And that pretty lady on the corner waves at everyone because she is friendly!!!
C’mon, you are here to drum up business!! Times are hard. If that is what they want on this board I can just go to another. How stupid do you think people here are?? In this business we have heard enough bs to know when to get the shovel out…just be honest about what you are doing. Good luck!!

Great quote.

This area does not thrive like it did in previous years based on the boys club. People simply fall off the ladder due to lack of interest. Not to imply that there is not excellent input now by a few, however, you have your trolls and well, they just spew.

Compliance in this industry is real and evolving to a tune many don’t understand or simply will not take the time to understand. It is posts like yours and many others that are not directly related to the dough, sauce, cheese, oils…etc. that bring us the help we would not otherwise be exposed to.

Prior to my Pizzeria which I sold early 2007, I was in Executive Management as a Controller and I am back there. I really appreciate this sort of contribution.

PD

Apparently you’re calling me stupid because I don’t believe she is here to sell anything. She already has contributed enough time and information to be considered a benefit to the community.

Oh, stevO! You are very very defensive of this person. I just think sales belong in sales.
I look for ALL information about pizza business here. This person recently joined and has posted MOSTLY about credit cards which she admitted was her business. This was brought up before. I was trying to make my point with my silly sense of humor, son.
I think the moderators should take a look at this. If I am wrong I will apologize to ALL I have offended…
I sell my food in my restaurant…and I am honest about what I do

And others who seem bitter. :roll:

Based on what info? Show me a forum in this industry that is ‘thriving’? IMO There are just the same issues as there were years ago when I started to post on PMQ (back on the old forum).

There are plenty of long time posters active on this forum (yourself included). However, there are also lots with agendas (advertisers and others) who are coming on this board. Whilst I have no personal problem with advertisers on this site I think that they should have the professional courtesy of being up front about who they are and on what basis they comment. I for sure would want to know who someone is and on what basis they are talking when they are commenting on PCI Compliance. That’s just common sense, isn’t it?

My name is Diana Knight and I have been in the merchant solutions industry for 10+ years. I am a Senior Level Account Representative and part owner of Card Solutions Inc. I work mostly with Restaurants and the Medical Industry. Since PCI Compliance has been introduced, and made mandatory, we have taken a pro-active approach to bring our merchants into compliance. We have emailed all of our merchants the PCI Questionnaire that is appropriate for the type of processing they use, and have asked them to fill them out and send them back to us. We don’t make a penny by doing this; if they need assistance on getting compliant we refer them to the website for PCI Compliance and tell them to look for a certified vendor. Some processors are going to start charging the merchant if they are not compliant. We find this unacceptable because the majority of merchants don’t even know about PCI Compliance. The processor is just adding another revenue stream.

I sell credit card processing, ATM’s, Restaurant/Retail POS Systems, Hardware/Software and leasing. If you go to the member section of PMQ you will find a profile that describes what I do and that profile has been up since I joined.

If I see a post where someone may be looking for a product I provide, I will send them a one line private message offering the service they are looking for. I have not and will not hound anyone. My hope is that if you become disappointed with any of your suppliers, you may remember me and seek one of the services I provide.

This is who I am and why I believe I can be a valuable asset to this site. Thank you to all who have appreciated my posts and gained insight from them. Also thank you to all who have defended my posts. Sometimes you aren’t able to please everyone. I will continue to post topics that I believe are timely for your industry, hopefully most of you will learn something you didn’t already know.

“There is no substitute for knowledge. To this day, I read three newspapers a day. It is impossible to read a paper without being exposed to ideas. And ideas… more than money… are the real currency for success.”
Eli Broad - :slight_smile:

Diane

I think that you’ve made some interesting points which some people may take notice and do something about.

I think you could have ‘helped’ yourself by including your business details in your signature to make it clear who you are and from what context/position you are providing this advice. And also it’s an advert should, as you say, someone want to take things further with you.

I am hardly bitter but thanks for offering out a typical “boys club” term. Point given, taken.

Any other relative information to offer?

PD

When I first found this fantastic forum, many, many more were posting with incredible information, science specific formulas, ideas and opinions on leasing, buying, renting…and the list goes on. The forum thrived. I cannot produce another forum for your review like this or like it used to be.

With respect to a professional, taking an approach to educate WHILST perhaps gaining a customer is not a troll. It is simply an advantage to those whom might not otherwise have known. Those who want to read it that way (invasion of MY BOARD) simply can’t understand the benefit of those posts, hence ego. Again, some in the forum drive people away with ego as opposed to inviting.

In consideration of knowing who is who with regard to what they posted, no, I could care less who they are. As a potential business owner or current owner or previous owner: I would take the information and research, google, consult and thank the person for participating.

No offense or “bitterness” intended.

PD