PCI Compliant Payment Gateway for Macola 1

[CenturyBiz]

As you know, PC-Charge is the name most Macola users know for payment processing within the software. But did you know that with PC-Charge all credit card data resides on your systems and as such you are not fully PCI Compliant?

 

[dgillz]

Details? They claim to be PCI compliant, and your user history of 1 post does not install a lot of confidence in me.

Software Training, Implementation, Programming and Support for Macola Progression, Macola ES, Synergy, and Crystal Reports. Check out our Macola tools:

http://www.gainfocus.biz/exceladdin.html

 

[CenturyBiz]

Hi Dgillz,

As you noticed I am new at the forum. I actually joined the forum today and that was my very first post. Most Macola users do not know that PC Charge ,when integrated with software like Exact and MAS, stores credit card data on the client server, which is not PCI Compliant. PC Charge is not cloud based either.

My company had developed the integration for 10, ES, as well as Progression and the process is 100% compliant. You can learn more about us from our partner company Attivo Group or visit our site and ask for a demo!

Thanks for your reply!

 

[dgillz]

Please clarify what data is stored on the system that makes it not PCI compliant

Has Exact or PC Charge acknowledged that their solution is not PCI compliant?

Software Training, Implementation, Programming and Support for Macola Progression, Macola ES, Synergy, and Crystal Reports. Check out our Macola tools:

http://www.gainfocus.biz/exceladdin.html

 

[CenturyBiz]

I don't think if I have the right or the ability to speak on their behalf. I think it's not hard for someone with expertise in this space to find out.

 

[dgillz]

Humor me please and answer the question "what data is stored on the system that makes it not PCI compliant?"

I know what data is stored on the system. I want to know what makes it non PCI compliant.

Software Training, Implementation, Programming and Support for Macola Progression, Macola ES, Synergy, and Crystal Reports. Check out our Macola tools:

http://www.gainfocus.biz/exceladdin.html

 

[stravis]

It's obvious that CenturyBiz is more marketing than in the trenches knowledge but a little research has uncovered a problem with PCCharge PCI compliance. They are using the PA-DSS 1.2 compliance documentation and validation. Currently the standard is at version 3. According to this link, all 1.x application compliance expired on October 28th, 2013. At the base minimum, this means that their validated product is no longer validated for PCI compliance.

I have no idea if Attivo Group's solution is the right answer. I don't currently have any customers doing credit card processing directly in Macola so I don't know much about alternatives that are fully integrated with Exact products. Based on my experience with web shopping carts and PCI compliant solutions I can say that using a cloud based provider absolves you of many of the headaches included when you do your own processing. PCI compliance in v3.0 DOES NOT STATE THAT YOU CAN'T RETAIN CREDIT CARD DATA. Page 34 and beyond describes under what circumstances you can retain the data and how it must be protected. The protection requirements are difficult to implement and best left to a dedicated provider in my opinion. Here is a link to the v3.0 document.

That all said. I would suggest keeping marketing messages on this forum to a minimum. I haven't posted here in years, dropped in to find an old post, but this is not the place for marketing. Marketing by proxy (link to your business) is perfectly fine. Indicating that you might have a solution to a problem with a service or software package is fine. We have always pointed individuals to their existing reseller first though. This is not a place for outright scalping, however I know some consultants, including myself, have picked up clients as a direct result of the help we have provided on this forum.

Scott Travis
www.enterpriseexpressions.com