One of my clients accepts credit card payments. He has to have his card reader verified periodically, and checked for online security. This is a complicated process, involving a lengthy self-certification questionnaire and a remote security scan carried out by the compliance authority.
I originally sorted out his verification in April last year, over a period of several weeks, with multiple failed scans and highly technical telephone discussions with the verification agency and his broadband equipment supplier. This time, I at least had a rough idea of what to expect when he called me back in.
The first job was to check the security of his IP address. This is done a scan run by the remote site, so all I could do was kick it off and wait. It took a few days for him to be notified that the scan had been run – and irritatingly, the email didn’t actually say whether it had passed or failed. But I went in to see him again today, logged onto the scan site, and found that it had passed. Then it was just a matter of submitting the scan result to the authorising agency, and completing their questionnaire on other security matters.
Not the sort of job I envisaged when I first took on this client – but I can see why he wanted me to take it over for him! It will be an on-going commitment, as the system must be rescanned and his procedures verified quarterly, with a major annual update. So I have booked him in for a date just short of three months away, and hope I will remember all the hoops to jump through by the time June rolls around.
