PCI Compliance Concerns

  • Question
  • Updated 5 years ago
  • Answered
So basically you're not certified as PCI complaint, have no business address listed, and want me to store all my users credit card numbers with you? As a business owner wouldn't I have to be nuts to sign up for that?
Photo of BillB

Bill

  • 1 Post
  • 0 Likes
  • anxious

Posted 6 years ago

  • 4
Photo of Nathaniel Talbott

Nathaniel Talbott, Official Rep

  • 969 Posts
  • 94 Likes
While we don't list an address, that's mostly because we work from our homes at this point. If you search for any/all of the founders (http://spreedly.com/info/team) you'll find that we're all very public and findable people, so we're not trying to hide. You can also check with the state of Delaware - Spreedly is a duly registered C corporation.

If you're still uncomfortable I'd definitely suggest you take a different route, but we have a lot of very happy business owners on Spreedly, so it must not be completely crazy :-)
Photo of cattledogitC

cattledogit

  • 1 Post
  • 0 Likes
Could you provide some additional detail? Isn't PCI certification required in order for you to store credit card info? When do you expect to receive certification? Can the credit card info be stored instead by the payment gateway? Does Speedly eliminate the need for us (as a Speedly customer) to obtain PCI certification? Thanks.
Photo of Nathaniel Talbott

Nathaniel Talbott, Official Rep

  • 969 Posts
  • 94 Likes
First of all, PCI certification has become an '09 priority - we're working to get our gold sticker before the year is out. Second, what your business needs to do in relation to PCI is largely dependent on the merchant bank you're using - if you're concerned about it you should get in touch with them and see what they say.

Again, PCI certification *is* coming - I'll update once we've landed it.
Photo of Jason Schwartz

Jason Schwartz

  • 2 Posts
  • 0 Likes
Are you storing credit card numbers? Can you legally do that if you aren't PCI compliant? What is your PCI certification status?
Photo of Nathaniel Talbott

Nathaniel Talbott, Official Rep

  • 969 Posts
  • 94 Likes
PCI affects liability in the event of a breach, and can also affect your ability to acquire merchant services. There's not any illegality involved per say.

We are storing payment information, and we're officially in the process of getting our certification. We expect to have it in place by year's end, if not sooner.
Photo of Ben ArledgeBA

Ben Arledge

  • 1 Post
  • 0 Likes
Any update on this?
Photo of Nathaniel Talbott

Nathaniel Talbott, Official Rep

  • 969 Posts
  • 94 Likes
We are working with a QSA to verify our compliance, and anticipate having full certification no later than end of February. Almost there...
Photo of brucegreigB

brucegreig

  • 23 Posts
  • 2 Likes
Just keeping the pressure on here - still expecting PCI compliance by end Feb?
Photo of Nathaniel Talbott

Nathaniel Talbott, Official Rep

  • 969 Posts
  • 94 Likes
The biggest and most important piece of the process should happen this week. From there we just have to churn through documentation. Getting close!
Photo of sevitzdotcom

sevitzdotcom

  • 114 Posts
  • 0 Likes
Slightly related, but have you considered adding http://www.braintreepaymentsolutions.... as a gateway / solution?
Photo of Nathaniel Talbott

Nathaniel Talbott, Official Rep

  • 969 Posts
  • 94 Likes
Braintree is in the pipe, actually. Should be available within 2-4 weeks.
Photo of sevitzdotcom

sevitzdotcom

  • 114 Posts
  • 0 Likes
ooooh. We’re going to look at getting on that if possible.
Photo of Eirik Johansen

Eirik Johansen

  • 6 Posts
  • 0 Likes
What's the status on PCI compliance? I could not find any information about this on your web site.
Photo of brucegreigB

brucegreig

  • 23 Posts
  • 2 Likes
Yep, I'd like to know about this too, please.
Photo of Nathaniel Talbott

Nathaniel Talbott, Official Rep

  • 969 Posts
  • 94 Likes
Official Response
We haven't said much yet, but we just updated the FAQ (last one on the page): http://www.spreedly.com/info/faq/

To summarize: we're fully/officially PCI compliant now.
Photo of brucegreigB

brucegreig

  • 23 Posts
  • 2 Likes
Good work, well done!
Photo of sevitzdotcom

sevitzdotcom

  • 114 Posts
  • 0 Likes
Great news. We’ve gone and filled out our PCI compliance form and now are PCI compliant now.
Photo of Eirik Johansen

Eirik Johansen

  • 6 Posts
  • 0 Likes
Great! Is there any "official" list on the web of PCI compliant companies/services where you are listed?
Photo of Nathaniel Talbott

Nathaniel Talbott, Official Rep

  • 969 Posts
  • 94 Likes
No; we will be displaying an official seal from our assessor once we get the page up to hold it.
Photo of Eirik Johansen

Eirik Johansen

  • 6 Posts
  • 0 Likes
Until you do - how can our merchant account provider check that you are PCI compliant?
Photo of Jarrod Drysdale

Jarrod Drysdale

  • 5 Posts
  • 0 Likes
Fantastic! Thanks for the update.
Photo of Nathaniel Talbott

Nathaniel Talbott, Official Rep

  • 969 Posts
  • 94 Likes
Anyone who needs more proof for their merchant account provider can email support@spreedly.com - we have something we can provide you on a case-by-case basis.
Photo of Sam Aparicio

Sam Aparicio

  • 1 Post
  • 0 Likes
Hi Nathaniel... I did this but I haven't heard back.
Photo of John M. Carlin

John M. Carlin

  • 5 Posts
  • 0 Likes
Hi Sam,

You should have all the details in your inbox. Please contact me directly if you need additional info.

Cheers,

John