Update on the Thompson Merchant/1st National PCI DSS "mandatory" compliance

[Lady Di]

I received the below email from my web host people. It appears this may have been a scam run by 1st National Processing. I am NOT surprised, as they had once before started charging me for something I had not authorized.

"I just got off the phone with my merchant services provider. I wanted some definitive answers about the PCI compliance thing that you had posted about--and how your provider was insisting on a $20 a month scanning fee. The rep at my provider said that we, as level 4 merchants, are NOT required to do anything. He said that if your provider is going to charge you that monthly scanning fee, then they are just trying to bilk money from you! I told him that I thought you had a brick and mortar store too (since you said you accept cards in person as well) and would

that make a difference? He said that being that you make card-present transactions as well, then you are at LESS risk for PCI compliance and have less to worry about. He knows I use Authorize.net as my payment gateway, as I think you do also, and he said that is PCI compliant because the CC info is not collected or stored on our websites, thus we are already PCI compliant and have no issues. Just wanted to share this with

you as soon as I got off the phone. Hope it helps."

[Lady Di]

I ran the above past a Thompson rep, who insists this is not correct and that ALL merchants will be required to be PCI compliant by the end of the year... that it will be the merchant's responsibility. Who knows? I sure don't.