Author Topic: about epay global payment's PCI certification  (Read 374 times)

Offline sylvially

  • Newbie
  • *
  • Posts: 9
    • www.epay.com
about epay global payment's PCI certification
« on: November 30, 2015, 07:20:16 AM »
Hello, guys and girls

I have used epay global payment system as my payment option for several days since it's always free to pay and get paid, above all, it's available in my country!! Well, I wonder whether epay a PCI certified payment service provider? I want to use debit card to make payments via epay. The Payment Card Industry Data Security Standard (PCI DSS) is a global financial information security standard that keeps credit card holders safe.  All merchants in payment card industry are required to be PCI compliant. Well, the thing is, I can't find any information about it at https://www.epay.com . I tried to contact their customer service agents and was told that Epay Global Payment System has been certified by PCI a couple days ago.How can I know if this is true or not?

Offline artilectinc

  • Litecoin Association Member
  • Elite Member
  • ***
  • Posts: 2138
  • Troll Paladin
Re: about epay global payment's PCI certification
« Reply #1 on: November 30, 2015, 09:58:45 PM »
It's difficult for a consumer to determine if a company is PCI compliant.  The only ones who really enforce the compliance are the credit companies like Visa, Mastercard, Discover,etc.  As far as compliance, companies can do a self assessment which is little more than a questionnaire asking them if they store CC# on their networks, if card info is encrypted, if their is a DMZ between the network that stores the CC info and the internet, etc.

The best you can due is to have the credit company do an audit on the company by reporting them.  There is a service that provides a quick check of the web server like http://checkpcidss.com/epay.com/ but that doesn't really tell you much if the company is not storing their CC info on the same server.  But as far as that report epay has a vulnerability that has a high severity of PCI noncompliance.