Ken -
I am in a very similar situation. About 100+ installations throughout the country, using Mercury. We have been in touch with Trustwave and 403 Labs, with fee estimates from 15,000 - 20,000, which doesn't account for time spent to meet all the requirements, including change logs, code reviews, and the list goes on. Then there is also the cost to our clients for audits.
I found X-Charge by Googling "VFP PADSS" which took me to Joel Leach's blog. I am doing more research into X-Charge now.
Thanks for your input!
>Hi Carsten,
>
>PCI Compliance is scary, especially for small shops. I too am a single developer shop. I have a POS system that is in use by about 50 locations in Connecticut.
>
>When I first got wind of PCI Compliance stuff, I checked and found that an audit of the software was required and the cost of the audit was $30,000. Forget it!! Perhaps that has changed but....
>
>And I think it would be impossible for small shops to pass because of requirements for version control, quality control etc etc.
>
>I currently support PC Charge, X-Charge and Mercury. I really LIKE X-Charge because I am totally insulated from the PCI stuff. Basically I never see the Credit Card data so there is no way I can store it. I simply pass a parameter (amount) to the X-Charge control and X-Charge takes it from there and tells me the result.
>
>On top of that, X-Charge support is top notch. Installation is a breeze. You set up a date and time, X-Charge calls you, logs into the cash register and does everything. You just make sure the internet connection is good.
>
>And if that is not enough, I get a nice commission check every month from X-Charge.
>
>The last time I spoke to the Mercury rep, she told me they are planning a similar developer interface but I have not seen it yet.
>
>I would be very interested to hear what you have discovered on this topic.
>
>Ken
>
>(860) 280-6871
>
>>Hi all -
>>
>>Just wondering what everyone is using to get PA-DSS compliance for credit card processing. What companies are you using for assessments, anything best to look for when choosing? We are a small shop (1 developer) and are trying to figure out the best way to go here.
>>
>>Is anyone using payment processors such as https://www.x-charge.com/ to deal with PA-DSS? Is it working for you?
>>
>>Any insights would be appreciated!
Carsten M. Thode