Guest JewelryCollectibles Posted October 15, 2009 Share Posted October 15, 2009 McAfee has been calling customers of CubeCart (many of my clients) and telling them ~ and now me today ~ that if we are not PCI compliant certified by January 31st, 2010, we cannot accept credit card payments from our websites. Now, the web hosting company is PCI compliant, the merchant account is PCI compliant, and we now have to spend add'l $$$ to get some kind of little ticker on the website to say we are compliant??? Is this going to be a law as of January 31st, 2010? Does anyone have the real story about this? Why is McAfee calling everyone? I don't see where Cubecart is endorsing them or has given us any info about this although I could have missed it. Can anyone shed any light on this? I find it annoying that some very fast talking salesman from McAfee calls my clients and now myself to say we can no longer accept credit cards on our sites if the mechanisms we use are PCI compliant without the guy actually being able to explain anything to me. Quote Link to comment Share on other sites More sharing options...
Robsta Posted October 16, 2009 Share Posted October 16, 2009 We had an email from a client with the same story, he pointed them to us and we got an email from them shortly afterwards. I find it a little strange that a company is doing this, but they are not acting on behalf of Devellion. I'm treating it like spam and cold calling... ie I'm just ignoring them (like so many others I expect). Quote Link to comment Share on other sites More sharing options...
Guest JewelryCollectibles Posted October 16, 2009 Share Posted October 16, 2009 We had an email from a client with the same story, he pointed them to us and we got an email from them shortly afterwards. I find it a little strange that a company is doing this, but they are not acting on behalf of Devellion. I'm treating it like spam and cold calling... ie I'm just ignoring them (like so many others I expect). Thanks! That was the way I told my clients to treat it, however, when I got the call from them (McAfee) I found out why my clients were getting very annoyed....... the guy was really pushy and threatening, you know, if we don't buy the McAfee product then we cannot process credit card transactions online anymore. I basically told him to go blow, but wanted to confirm that he was not acting on behalf of Devillion, because none of us had received any official communication about this directly from Devellion. Thanks very much for clarifying. Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted October 16, 2009 Share Posted October 16, 2009 McAfee did contact us to ask if they were allowed to do this. We have not shared any personal customer data with them at all due to data protection laws. We are a partner of McAfee and are happy to promote their services. We purchased McAfee Secure for our website. Quote Link to comment Share on other sites More sharing options...
Guest bennyuk Posted October 16, 2009 Share Posted October 16, 2009 If McAfee are scaring/conning/confusing CC clients then it makes me sad, but I wouldn't be surprised. *Hopefully* McAffe *could* provide an excellent service whereby they assess if people actually need to be PCI compliant, and if they DO then they can help them out for a fee, and if people DONT need to be PCI compliant McAfee could tell them and not charge them for something they don't need... PCI compliance can be quite confusing, and I'm sure some people get conned into paying for something they didn't need. It would be great if there was someone or company that could tell us what weed need to do (or give some example scenarios we can relate to). As someone who has little PCI knowledge, I am under the impression that for my CC stores that do not store any customers credit card info (either in digital or written down form) I do not need to pay anyone to become PCI compliant. Can anyone give me some concrete info on this area? (eg example scenarios that will be relevant to CC users) Ben Quote Link to comment Share on other sites More sharing options...
Guest JewelryCollectibles Posted October 16, 2009 Share Posted October 16, 2009 If McAfee are scaring/conning/confusing CC clients then it makes me sad, but I wouldn't be surprised. *Hopefully* McAffe *could* provide an excellent service whereby they assess if people actually need to be PCI compliant, and if they DO then they can help them out for a fee, and if people DONT need to be PCI compliant McAfee could tell them and not charge them for something they don't need... PCI compliance can be quite confusing, and I'm sure some people get conned into paying for something they didn't need. It would be great if there was someone or company that could tell us what weed need to do (or give some example scenarios we can relate to). As someone who has little PCI knowledge, I am under the impression that for my CC stores that do not store any customers credit card info (either in digital or written down form) I do not need to pay anyone to become PCI compliant. Can anyone give me some concrete info on this area? (eg example scenarios that will be relevant to CC users) Ben That's basically what I'm asking. The guy who called me from McAfee yesterday said I "HAD" to have a PCI compliant website by January 31 2010 or I could no longer accept credit cards online. I asked this man since the web host was PCI compliant, and the merchant account was PCI compliant (PayPal Pro website payments) then what made my website non-compliant? He said because the website itself is in a "grey" area. I asked him what that meant. He couldn't explain it. I said the website uses SSL, it's secure, encrypted, etc. so where is the "grey" area? He still couldn't explain but wanted me to purchase a service from them. I told him until he could explain the "grey" area thing to me and show me where it was written that I had to have this service by law, I wasn't purchasing anything from them. I don't store credit card numbers since they go straight thru to the merchant account. I'd just like to know about this to better educate myself as a merchant but I don't want pushy salespeople pestering me and my clients, some of whom were pretty rattled by the phone calls. Show me a legitimate need or that it's going to enacted into law and I will be happy to comply. Until then, the PCI compliant merchant account and SSL cert will have to do. Quote Link to comment Share on other sites More sharing options...
Guest bennyuk Posted October 16, 2009 Share Posted October 16, 2009 Maybe someone has something good to say about McAfee PCI services? Thats would be good to hear, because I wouldn't be happy to promote their services if they tried a hard sell on customers that don't need it. Quote Link to comment Share on other sites More sharing options...
Homar Posted October 16, 2009 Share Posted October 16, 2009 Complete an utter rubbish. In order to be PCI compliant, you need to have your server and network (amongst other things) audited. If you do not store credit card information on your servers, the best you can do is ensure that the data is passed from one point to the other in a safe and secure manner - SSL is a must here! These guys do not know whether or not you are PCI compliant. They're simply betting that you're not and trying to scare you into paying for a service that you probably don't need: welcome to marketing. They certainly should not be contacting your clients. If they are, insist that they desist immediately. Quote Link to comment Share on other sites More sharing options...
Guest Roger Huston Posted November 16, 2009 Share Posted November 16, 2009 Is this only in the UK? This sounds like a scam since no EXTERNAL product can make a website INTERNALLY comply with PCI. The McAfee product only scans your website for security holes, but does not make a website PCI compliant. If I got one of those phone calls, I would simply tell them that we are PCI compliant already and be done with it. However, I wish that someone would make an Authorize.net CIM module so those of us who wanted to store private customer info, including CC info in our stores could do so securely. - Roger Quote Link to comment Share on other sites More sharing options...
Guest sera ulu Posted March 2, 2010 Share Posted March 2, 2010 Thanks for that!how to hypnotize someone Quote Link to comment Share on other sites More sharing options...
Guest Posted June 21, 2010 Share Posted June 21, 2010 I had Mcafee on the phone; they were trying to tell me my comodo cert was junk. After a long debate, the caller said he'd give me his number in case I woke-up one day. Be sure, I will never switch to Mcafee now! Quote Link to comment Share on other sites More sharing options...
vokf Posted June 21, 2010 Share Posted June 21, 2010 I had Mcafee on the phone; they were trying to tell me my comodo cert was junk. After a long debate, the caller said he'd give me his number in case I woke-up one day. Be sure, I will never switch to Mcafee now! This sounds very unprofessional of them. Are you sure its actually McAfee, and not a salesperson calling on behalf of McAfee? I get lots of this - I'm a wedding DJ, and so have to provide my full contact details on my website. I get frequent calls from "on behalf of Google/Microsoft", and also get the same in my day job.. For any cold calls - I tell them I do not do business that way, and will research my own suppliers, thank them and hang-up. So - if you get any more of these calls, clarify who is calling.. McAfee, or a distributor/agent etc... I normally get "Hi, its xxxxxx here from Microsoft". Me: "actually Microsoft?" Them "I'm calling on behalf of Microsoft"... The rest is short n sweet (but polite) :-) Business owners are required to know the laws/legislations that they need to run their business in. UK would be TAX/Data Protection/HSE/Consumer Law and many more. So... if PCI is a requirement, it is the business owners obligation to be aware of this and comply. "sorry, I did not realise" is not a valid excuse when you're running a business. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.