Cryptopay and PCI compliance

sparkey

Active member
I have cryptopay with first data. They use a PCI service called trustkeeper that does a vulnerability scan on your system on a monthly basis. The issue is I don't have a static IP address, so it can't do a vulnerability scan unless I go on the trustkeeper website and enter the new IP address every time. I do have a dyndns account that tracks my IP address for my cameras, but the trustkeeper website doesn't allow domain names, only physical IP addresses. Is anyone else running into this? I don't have time to log on to their website each time and change the IP address. I only use the cryptopay reader in my petwash and it's to the point I am about to get rid of cryptopay so I don't have to deal with it.
 
I use WashGear, and for my scans I have to run an agent on the PC at the wash. Thus, no need for a static IP. With CryptoPay, there is no PC, right? Just a router from what I've researched. So is it able to scan that? Could you even set a static IP on it?
 
You are correct. There is no computer with cryptopay. You can set a static IP address on your router, but the ISP IP address is what changes, and that causes the problem. Basically you have to check what your current IP address is and enter it into the trustwave website each month before the scheduled scan so the scan works, or you will get charged an extra fee for being non-compliant. They fail to tell you this when you ask if it will work without a static IP address and they gladly say yes it will.
 
So what is the answer? How to avoid PCI non-compliance when using a provider like Comcast, or pay Comcast $20.00 / month extra for static IP, or pay the non-compliance fee?
 
The only answer I can come up with is either get a static IP address, or log your current IP address into their website the night before the scan is supposed to happen and hope it doesn't change before they do the scan.
 
Since CryptoPay doesn't provide a way to install the trustkeeper agent, does it allow you to hard code an IP address on it? If so, it appears your only option is to continue doing what you're doing (yuck), or pay for a static IP.
 
From what I've read about the system, it doesn't keep the card data, it sends it with the pre-approval and finalizes the data with an encrypted code, so it should be completely PCI compliant.
 
I explained this to them. They said it is a first data requirement. If you are using first data as a merchant you must do the scans.
 
Well I spoke with cryptopay today and they are telling me they have an agreement with first data that cryptopay terminals do not have to do the vulnerability scan over the internet since the data is encrypted. They also say their terminals are PCI compliant. We are actively working to get my system removed from the Trustkeeper vulnerability scans. Hopefully this works.
 
Static IP

I have a static IP and use it with Trustkeeper. Why don't you request a static IP from your ISP provider?
Do you like CryptoPay otherwise?
Jimmy V
 
So is Genesys or Cryptopay PCI compliant? Because I can't find either on the Official PCI Security Standards website.
 
Whoever has the cc data in the clear has to be PCI compliant. CryptoPay encrypts at the swipe and transmits the data to their servers encrypted. There, I assume, it is decrypted for processing. Therefore it is them who have to be compliant at their server site. Talk to Dave at CryptoPay, he's well versed in this.
 