My payment processor is Beanstream (beanstream.com). These folks, FWIW, are VERY helpful and responsive. They return my phone calls, and answer my questions usually within an hour.
VISA will apparently not certify anyone (perhaps it's canada only?) without being certified by a PCI auditor.
The tests that are failing on lyra are:
- SSL Server Supports Weak Encryption Vulnerability
- SSL Server May Be Forced to Use Weak Encryption Vulnerability
- SSL Server Has SSLv2 Enabled Vulnerability
- SSL Server May Be Forced to Use Weak Encryption Vulnerability
- MySQL User-Defined Function Buffer Overflow Vulnerability
- Mail Server Accepts Plaintext Credentials
- UDP Source Port Pass Firewall (src port 53)
NOTE: My merchant vendor has informed me that if Lunarpages justifies these failures adequately, it is possible to approve the application anyway. I've updated my ticket to ask for such justification.
They also informed me that if anyone else on my shared server (lyra) is PCI certified, a photocopy of that certification is all they would need to approve me. Is this something LP could find for me?
"As a note, this is quite the gimmick as far as I'm concerned, as with any properly protected database, trusted certificate (such as those we provide through Lunarpages) and well developed storefront, will never have any issues with a compromise."
I think the point of this certification is to proove the "properly protected", "trusted", and "well developed" parts of your sentence.
Thanks for looking into this Jay!
sb.
