PCI Compliance Advice Needed

Hi All -

I am looking for any suggestions/advice for completing the PCI compliance questionnaire from my merchant service provider (BofA). I was able to locate WineDirect’s PCI documentation online (https://documentation.vin65.com/Security-and-PCI-Compliance), which will help me answer some questions.

However, there are sections that pertain to our network security and system user protocols that are highly specific, and/or impractical for a small business to employ. I plan to review/confirm with our security/IT vendor that our network security protocols are up to standards.

While reviewing WineDirect’s documentation, I noticed that every one of the 264 questions has ‘yes’ as its answer. Is this the suggested approach? Any advice is appreciated.

WD is just stating that their isolated platform and processing are PCI compliant. But your network, people, and processes may introduce actions that are not. For instance, if your staff stores unencrypted, plain-text credit card information on paper, or, say, in the notes portion within WD, those would be out of compliance. So do the audit with your team and IT firm.