mcafee pci compliance phone calls


Guest JewelryCollectibles

McAfee has been calling customers of CubeCart (many of my clients) and telling them ~ and now me today ~ that if we are not PCI compliant certified by January 31st, 2010, we cannot accept credit card payments from our websites.

Now, the web hosting company is PCI compliant, the merchant account is PCI compliant, and we now have to spend add'l $$$ to get some kind of little ticker on the website to say we are compliant???

Is this going to be a law as of January 31st, 2010?

Does anyone have the real story about this?

Why is McAfee calling everyone? I don't see where CubeCart is endorsing them or has given us any info about this, although I could have missed it.

Can anyone shed any light on this?

I find it annoying that some very fast talking salesman from McAfee calls my clients and now myself to say we can no longer accept credit cards on our sites if the mechanisms we use are PCI compliant without the guy actually being able to explain anything to me.

Link to comment
Share on other sites

We had an email from a client with the same story, he pointed them to us and we got an email from them shortly afterwards. I find it a little strange that a company is doing this, but they are not acting on behalf of Devellion.

I'm treating it like spam and cold calling... ie I'm just ignoring them (like so many others I expect).

Link to comment
Share on other sites

Guest JewelryCollectibles

Thanks!

That was the way I told my clients to treat it, however, when I got the call from them (McAfee) I found out why my clients were getting very annoyed... the guy was really pushy and threatening, you know, if we don't buy the McAfee product then we cannot process credit card transactions online anymore. I basically told him to go blow, but wanted to confirm that he was not acting on behalf of Devellion, because none of us had received any official communication about this directly from Devellion.

Thanks very much for clarifying.

Link to comment
Share on other sites

Guest bennyuk

If McAfee are scaring/conning/confusing CC clients then it makes me sad, but I wouldn't be surprised.

*Hopefully* McAfee *could* provide an excellent service whereby they assess if people actually need to be PCI compliant, and if they DO then they can help them out for a fee, and if people DON'T need to be PCI compliant McAfee could tell them and not charge them for something they don't need...

PCI compliance can be quite confusing, and I'm sure some people get conned into paying for something they didn't need.

It would be great if there was someone or company that could tell us what we need to do (or give some example scenarios we can relate to).

As someone who has little PCI knowledge, I am under the impression that for my CC stores that do not store any customers' credit card info (either in digital or written down form) I do not need to pay anyone to become PCI compliant.

Can anyone give me some concrete info on this area? (eg example scenarios that will be relevant to CC users)

Ben

Link to comment
Share on other sites

Guest JewelryCollectibles

That's basically what I'm asking. The guy who called me from McAfee yesterday said I "HAD" to have a PCI compliant website by January 31 2010 or I could no longer accept credit cards online.

I asked this man since the web host was PCI compliant, and the merchant account was PCI compliant (PayPal Pro website payments) then what made my website non-compliant?

He said because the website itself is in a "grey" area. I asked him what that meant. He couldn't explain it. I said the website uses SSL, it's secure, encrypted, etc. so where is the "grey" area? He still couldn't explain but wanted me to purchase a service from them.

I told him until he could explain the "grey" area thing to me and show me where it was written that I had to have this service by law, I wasn't purchasing anything from them. I don't store credit card numbers since they go straight thru to the merchant account.

I'd just like to know about this to better educate myself as a merchant but I don't want pushy salespeople pestering me and my clients, some of whom were pretty rattled by the phone calls.

Show me a legitimate need or that it's going to be enacted into law and I will be happy to comply. Until then, the PCI compliant merchant account and SSL cert will have to do.

Link to comment
Share on other sites

Guest bennyuk

Maybe someone has something good to say about McAfee PCI services? That would be good to hear, because I wouldn't be happy to promote their services if they tried a hard sell on customers that don't need it.

Link to comment
Share on other sites

Complete and utter rubbish. In order to be PCI compliant, you need to have your server and network (amongst other things) audited. If you do not store credit card information on your servers, the best you can do is ensure that the data is passed from one point to the other in a safe and secure manner - SSL is a must here! These guys do not know whether or not you are PCI compliant. They're simply betting that you're not and trying to scare you into paying for a service that you probably don't need: welcome to marketing. They certainly should not be contacting your clients. If they are, insist that they desist immediately.

Link to comment
Share on other sites

  • 5 weeks later...
Guest Roger Huston

Is this only in the UK? This sounds like a scam since no EXTERNAL product can make a website INTERNALLY comply with PCI. The McAfee product only scans your website for security holes, but does not make a website PCI compliant.

If I got one of those phone calls, I would simply tell them that we are PCI compliant already and be done with it.

However, I wish that someone would make an Authorize.net CIM module so those of us who wanted to store private customer info, including CC info in our stores could do so securely.

- Roger

Link to comment
Share on other sites

  • 3 months later...
  • 3 months later...

I had McAfee on the phone; they were trying to tell me my Comodo cert was junk. After a long debate, the caller said he'd give me his number in case I woke up one day. Be sure, I will never switch to McAfee now!

Link to comment
Share on other sites

This sounds very unprofessional of them. Are you sure it's actually McAfee, and not a salesperson calling on behalf of McAfee?

I get lots of this - I'm a wedding DJ, and so have to provide my full contact details on my website.

I get frequent calls from "on behalf of Google/Microsoft", and also get the same in my day job..

For any cold calls - I tell them I do not do business that way, and will research my own suppliers, thank them and hang up.

So - if you get any more of these calls, clarify who is calling... McAfee, or a distributor/agent etc...

I normally get "Hi, it's xxxxxx here from Microsoft".

Me: "actually Microsoft?"

Them "I'm calling on behalf of Microsoft"...

The rest is short n sweet (but polite) :-)

Business owners are required to know the laws/legislations that they need to run their business in. UK would be TAX/Data Protection/HSE/Consumer Law and many more.

So... if PCI is a requirement, it is the business owner's obligation to be aware of this and comply. "Sorry, I did not realise" is not a valid excuse when you're running a business.

Link to comment
Share on other sites
