PCI DSS question


Comments

  • Will do Thank you
  • Here's a breakdown of the quote

    1 x Business Class Router/Firewall @ £225 + VAT
    2 x Orbits Hourly Labour @ £60 + VAT Each

    Total Cost: £414 inc. VAT
  • bluesnake
    bluesnake Posts: 1,460 Forumite
    Is this just to install the router, configure the firewall and possibly set up a VPN, and change default passwords, or is this the quote for the whole solution excluding hardware? The router should be doable in two hours. I think it is a very competitive quote.
  • System
    System Posts: 178,311 Community Admin
    10,000 Posts Photogenic Name Dropper
    If you're using BT broadband kit, you'll probably fail on that, because if someone could gain access to your WiFi network, there would be nothing in between stopping them from getting to the area where card data is stored.

    If you're talking about the BTWifi access point part, which allows anyone on BT to access your WiFi, then that statement is wrong. Whilst they access the WiFi interface and the WAN interface on your router, it is set up in such a way that they can't access anything connected to your LAN, whether cabled or wireless.
  • bluesnake wrote: »
    Is this just to install the router, configure the firewall and possibly set up a VPN, and change default passwords, or is this the quote for the whole solution excluding hardware? The router should be doable in two hours. I think it is a very competitive quote.

    The problem is BT say the router is safe, but WorldPay want the networks segregated, which BT can't do, so either way I have to pay for the router.

    This is all the info in the quote. There's a cheaper option without the WiFi enabled. I suppose I have to ask them if all of the above is included.
    "Option 1 (WiFi Enabled – Recommended)
    1 x Business Class Router/Firewall @ £225 + VAT
    2 x Orbits Hourly Labour @ £60 + VAT Each

    Total Cost: £414 inc. VAT

    Orbits will liaise with the payment provider to ensure that the necessary compliance test is passed to the required standard."
  • bluesnake
    bluesnake Posts: 1,460 Forumite
    edited 16 January 2017 at 7:32PM
    To be honest, I can see the documentation alone taking up 2 hours if not more. https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2.pdf?agreement=true&time=1484591039430 Then the quarterly WiFi scan by a PCI approved person, about $250 a year - UK price ???. Half-yearly checks on the firewall. Then there is the maintenance, backups and configuration, and certificates.

    I would either bypass PCI by using an Apple/Android app and widget that plugs into a mobile, or buy a service, or buy a reader that accepts a SIM card, as there seem to be a good few time-consuming bits and configuration associated, and for a small business it may be too complicated and costly, both in time and money.

    http://www.phonetransact.com/
    http://www.payanywhere.com/
    https://www.handpoint.com/

    https://www.nerdwallet.com/blog/small-business/pos-systems-point-of-sale-restaurants/
  • azadali77
    azadali77 Posts: 18 Forumite
    Part of the Furniture 10 Posts Combo Breaker
    edited 18 January 2017 at 1:29AM
    Thank you all for replying. This is getting even more complicated now.

    I've got one more question. Does anyone know if I can go with another broadband company who could supply me with a secure router?

    Just checked on Virgin broadband and they supply a business grade (Hitron) router. I'm going to give them a call in the morning and check if the router complies with PCI DSS. It might be cheaper in the long run.
  • bluesnake
    bluesnake Posts: 1,460 Forumite
    edited 18 January 2017 at 6:47AM
    Every ISP supplies a [STRIKE]crummy cheap[/STRIKE] cost effective router.

    Cisco, SonicWall, Zyxel, Digi, BEC Technologies, and others do them. You will probably not get one for £50.

    They are mini computers that handle network traffic and need to be specially set up for YOU. It is not something you pull out of the freezer and stick in the microwave, like an oven-ready meal.

    Here are some DSS configuration notes, but for a 3.1 implementation; worth a read. http://bectechnologies.net/wordpress/wp-content/uploads/2015/12/BEC_PCI_DSS_3-1_Whitepaper_2015.pdf

    Have you contacted your bank to see what they recommend?

    Personally, I would contact http://www.draytek.co.uk/, but you have to be a techie to get this all working, though they may talk you through some of it.

    A good option is to type "pci dss uk approved scan vendor" into Google, because these are the people that will be testing your configuration every quarter, and you do not want a solution that never gets certified, fails or is unreliable. You probably want 3G/4G failover too?

    That £414 quote was also very fair. I guess they see it as the supply, install and configuration of a new router, but you may expect the whole system to be configured for that price. I could be wrong; phone them and give them the PCI DSS specs.

    Also, in year 2 these routers will most likely have a software update cost associated with them, possibly a break/fix maintenance cost too, and you need to find that out because that could be £100s.

    Hitron might be a business router, but that does not mean it is PCI v3.2 compliant. If it is compliant, you have to find someone who can configure it; the ISP will only be interested in the default set-up and you are on your own for the rest.

    For a small business this alternative sounds great, but again I do not know the operation cost. https://www.semafone.com/wp-content/uploads/2013/01/SEM-Whitepaper_UK_Content_LR.pdf

    Also, the quote in the first post is a very small subsection of the Guidance column of point 1.2.3, and there is much, much more to that. https://pcicompliance.stanford.edu/sites/default/files/pci_dss_v3-2.pdf

    Interpreting the specs, "1.1.4 Requirements for a firewall at each Internet connection and between any demilitarized zone (DMZ) and the internal network zone":

    You have to have a firewall between you and the outside world. Internal network segregation is done via WiFi encryption and IP ranges. So a minimum of 2 ranges: one for WiFi reader traffic, which is blocked by the firewall, and one for card processing, which the firewall inspects and lets through. Possibly a third IP range for customer WiFi? POS devices will have certificates too?

    I think you will need a fixed IP from the ISP too.
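The segmentation the two posts above describe (the BTWifi guest traffic being kept off the LAN, and separate IP ranges for card processing, staff and customer WiFi with a firewall between them and the internet) can be sketched as a small policy model. The following is an added example, not code from the thread or from any of the vendors mentioned: it defines three constructed private ranges (192.168.10.0/24 for POS terminals, 192.168.30.0/24 for the office, 192.168.20.0/24 for customer WiFi, all hypothetical), a first-match-wins rule list with a default deny, and a check that no rule lets the internet or the guest WiFi initiate connections into the card-data range. 203.0.113.0/24 is the TEST-NET-3 documentation range standing in for the payment processor.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Constructed address plan (hypothetical; not taken from the thread).
# Each segment is its own IP range: POS/card data, staff office, customer WiFi.
# Any address outside these ranges is treated as the internet (WAN).
ZONES: Dict[str, ipaddress.IPv4Network] = {
    "cardholder": ipaddress.ip_network("192.168.10.0/24"),  # POS terminals only
    "office": ipaddress.ip_network("192.168.30.0/24"),      # staff PCs
    "guest_wifi": ipaddress.ip_network("192.168.20.0/24"),  # customer WiFi
}

# Zones that must never be allowed to initiate traffic into the cardholder zone.
UNTRUSTED = {"wan", "guest_wifi"}


@dataclass(frozen=True)
class Rule:
    name: str
    src: str               # source zone
    dst: str               # destination zone
    proto: str             # "tcp", "udp" or "any"
    ports: FrozenSet[int]  # destination ports; empty set means any port
    action: str            # "allow" or "deny"

    def matches(self, src: str, dst: str, proto: str, port: int) -> bool:
        return (self.src == src and self.dst == dst
                and self.proto in ("any", proto)
                and (not self.ports or port in self.ports))


# First matching rule wins; a flow that matches nothing falls to the default deny.
RULES: List[Rule] = [
    # POS terminals may only speak HTTPS outbound (to the payment processor).
    Rule("pos-to-acquirer", "cardholder", "wan", "tcp", frozenset({443}), "allow"),
    # Staff and customers get ordinary web access out to the internet.
    Rule("office-web", "office", "wan", "tcp", frozenset({80, 443}), "allow"),
    Rule("guest-web", "guest_wifi", "wan", "tcp", frozenset({80, 443}), "allow"),
]
DEFAULT = Rule("default-deny", "*", "*", "any", frozenset(), "deny")


def zone_of(ip: str) -> str:
    """Map an address to its zone; anything outside the defined ranges is WAN."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "wan"


def evaluate(src_ip: str, dst_ip: str, proto: str, dst_port: int) -> Tuple[str, str]:
    """Return (action, rule name) for a connection attempt; first match wins."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for rule in RULES:
        if rule.matches(src, dst, proto, dst_port):
            return rule.action, rule.name
    return DEFAULT.action, DEFAULT.name


def segmentation_violations(rules: List[Rule]) -> List[str]:
    """Names of allow rules that let an untrusted zone initiate into the cardholder zone."""
    return [r.name for r in rules
            if r.action == "allow" and r.src in UNTRUSTED and r.dst == "cardholder"]


if __name__ == "__main__":
    # Constructed sample flows exercising the policy.
    samples = [
        ("192.168.10.5", "203.0.113.10", "tcp", 443),   # POS -> payment processor
        ("192.168.20.7", "192.168.10.5", "tcp", 443),   # guest WiFi -> POS
        ("203.0.113.10", "192.168.10.5", "tcp", 22),    # internet -> POS
        ("192.168.30.4", "192.168.10.5", "tcp", 445),   # office PC -> POS
        ("192.168.20.7", "203.0.113.10", "tcp", 80),    # guest WiFi -> web
    ]
    for flow in samples:
        print(flow, "->", evaluate(*flow))
    print("segmentation violations:", segmentation_violations(RULES))
```

The point of `segmentation_violations` is the one the thread keeps circling: a router that is "business grade" only helps if its rule set actually has no path from the guest WiFi or the internet into the range where the card terminals sit. Running the check against a proposed configuration before the quarterly scan is cheaper than finding out from the scan vendor.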