What's new

Cryptopay and PCI compliance

sparkey

Active member
Joined
May 22, 2010
Messages
905
Reaction score
187
Points
43
Location
Ohio
I have cryptopay with first data. They use a PCI service called trustkeeper that does a vulnerability scan on your system on a monthly basis. The issue is I don't have a static IP address so it can't do a vulnerability scan unless I go on the trustkeeper website and enter the new IP address every time. I do have a dyndns account that tracks my IP address for my cameras, but the trustkeeper website doesn't allow domain names only physical IP addresses. Is anyone else running into this? I don't have time to log on to their website each time and change the IP address. I only use the crptopay reader in my petwash and its to the point I am about to get rid of cryptopay so I don't have to deal with it.
 

Jeff_L

Well-known member
Joined
Dec 27, 2007
Messages
1,246
Reaction score
31
Points
48
Location
Missouri
I use WashGear, and for my scans I have to run an agent on the PC at the wash. Thus, no need for a static IP. With CryptoPay, there is no PC, right? Just a router from what I've researched. So is it able to scan that? Could you even set a static IP on it?
 

sparkey

Active member
Joined
May 22, 2010
Messages
905
Reaction score
187
Points
43
Location
Ohio
I use WashGear, and for my scans I have to run an agent on the PC at the wash. Thus, no need for a static IP. With CryptoPay, there is no PC, right? Just a router from what I've researched. So is it able to scan that? Could you even set a static IP on it?
You are correct. There is no computer with cryptopay. You can set a static IP address on your router, but the ISP IP address is what changes that causes the problem. Basically you have to check what our current IP address is and enter it into the trustwave website each month before the scheduled scan so the scan works or you will get charged an extra fee for being non-compliant. They fail to tell you this when you ask if it will work without a static IP address and they gladly say yes it will.
 

Earl Weiss

Well-known member
Joined
Aug 31, 2007
Messages
6,372
Reaction score
943
Points
113
So what is the answer. How tom avoid PCI non compliance when using a provider like Comcast or pay comcast $20.00 / month extra for static IP or pay the non compliance fee?
 

sparkey

Active member
Joined
May 22, 2010
Messages
905
Reaction score
187
Points
43
Location
Ohio
So what is the answer. How tom avoid PCI non compliance when using a provider like Comcast or pay comcast $20.00 / month extra for static IP or pay the non compliance fee?
The only answer I can come up with is either get a static IP address, or log your current IP address into their website the night before the scan is suppose to happen and hope it doesn't change before they do the scan.
 

Jeff_L

Well-known member
Joined
Dec 27, 2007
Messages
1,246
Reaction score
31
Points
48
Location
Missouri
Since CryptoPay doesn't provide a way to install the trustkeeper agent, does it allow you to hard code an IP address on it? If so, it appears your only option is to continue doing what you're doing (yuck), or pay for a static IP.
 

MEP001

Well-known member
Joined
Aug 30, 2007
Messages
16,665
Reaction score
3,946
Points
113
Location
Texas
From what I've read about the system, it doesn't keep the card data, it sends it with the pre-approval and finalizes the data with an encrypted code, so it should be completely PCI compliant.
 

BBE

Member
Joined
Nov 9, 2011
Messages
507
Reaction score
2
Points
16
Location
USA
Last I knew cryptopay was NOT pci compliant. Have they made some changes?
 

sparkey

Active member
Joined
May 22, 2010
Messages
905
Reaction score
187
Points
43
Location
Ohio
From what I've read about the system, it doesn't keep the card data, it sends it with the pre-approval and finalizes the data with an encrypted code, so it should be completely PCI compliant.
I explained this to them. They said it is a first data requirement. If you are using first data as a merchant you must do the scans.
 

sparkey

Active member
Joined
May 22, 2010
Messages
905
Reaction score
187
Points
43
Location
Ohio
Well I spoke with cryptopay today and they are telling me they have an agreement with first data that cryptopay terminals do not have to do the vulnerability scan over the internet since the data is encrypted. They also say their terminals are PCI compliant. We are actively working to get my system removed from the Trustkeeper vulnerability scans. Hopefully this works.
 

blurdgman

Member
Joined
Jan 10, 2008
Messages
97
Reaction score
0
Points
6
Staic IP

I have a static IP and use it with Trustkeeper. Why don't you request a static IP from our ISP provider.
Do you like CryptoPay otherwise?
Jimmy V
 

sparkey

Active member
Joined
May 22, 2010
Messages
905
Reaction score
187
Points
43
Location
Ohio
I have a static IP and use it with Trustkeeper. Why don't you request a static IP from our ISP provider.
Do you like CryptoPay otherwise?
Jimmy V

Because it cost 3 times as much and nothing else I have needs a static IP address.
 

sparkey

Active member
Joined
May 22, 2010
Messages
905
Reaction score
187
Points
43
Location
Ohio
How much do they charge you?

I have 5 static IP's for about $80/mo
I just checked on this a couple month ago. Seems to me it was around $70 a month for 1 static address, after they get done with all the government fees.
 

DiamondWash

Well-known member
Joined
Aug 31, 2007
Messages
2,373
Reaction score
478
Points
83
Location
Des Moines, Iowa
So is Genesys or Cryptopay PCI compliant? because I can't find either on the Official PCI Security Standards website.
 

Jeff_L

Well-known member
Joined
Dec 27, 2007
Messages
1,246
Reaction score
31
Points
48
Location
Missouri
Whoever has the cc data in the clear has to be pic compliant. CryptoPay encrypts at the swipe and transmits the data to their servers encrypted. There, I assume, it is decrypted for processing. Therefore it is them who have to be compliant ate their server site. Talk to Dave at CryptoPay, he's well versed in this.
 
Top