We have to do one too each year for our bank.

I have Merchant Warehouse, which I guess is a third party dealer for First Data. My bank account just got charged for this also! I called them and they keep telling me the same thing. That my store has to be PCI compliant. When I call 3dcart, they say I am! Basically, I think they are just selling us this extra service and say we have to have it! Did you have any luck getting them to accept the 3dcart compliance? I am so mad at Merchant Warehouse right now!

PCI compliance

Make sure you have purchased a SSL, vs a shared SSL. I had First Data as well through Suntrust. Every Quarter. I was charged their $29.xx compliance fee and every year took their PCI compliance Test. If you haven't taken the test and had FD to scan your site. Then you need to do so. With out the scan, they dont know your are PCI compliant and you could incur large fees. Even though 3dcart is PCI compliance, you gota show FD that you are. I do feel the pain of their fees. I did change to a different bank that offered better Merchant fees after my contract was over. Another thing you can do is call First Data and ask for a rate review if you been with them over 6 mths. That will help with the fees. Hope that helps.

David Hamlen
Choice Checks LLC
Cheap Business Checks, Quickbooks business checks, peachtree business checks, bulk blank checks, tax forms

I use Merchant Warehouse and they contracted with Control Scan for PCI compliance. It involves a yearly questionnaire and quarterly scan to pass.

I think the reason you have to do it even though 3dCart is PCI Compliant, they assume the data will leave the 3dcart environment at some point and enter your system, which is not covered under 3dCart's PCI certificate. They want to ensure (or at least have you attest to) a secure environment for cardholder data on every system the data touches.

If you're looking to switch, I highly recommend Phil at merchantfeesavers.coms

We just went through the review and re-quote and he saved us thousands in excessive fees.

PCI Compliance

Just going to throw my 2 cents in...

You are still responsible to prove your website/company are PCI Compliant even if 3dCart has a passing certificate. You prove you are PCI compliant by having your website scanned, possibly your office public IP scanned (if data is exchanged between there and the site), and answering a yearly questionnaire regarding your business practices in handling data and your network.

3dCart guarantees PCI compliance, but this may not always mean your specific website is PCI compliant. We just had this issue a bit ago where we were failing PCI scans and had to bring the issues to 3dCart's attention. This is your responsibility since 3dCart does not scan and verify ever single site they host. They are cleared as a company once a quarter/year, a lot can change in that time.

We use TrustWave/TrustKeeper, but there are a lot of other services out there that will provide scanning and reporting to whomever you need.

PS: Once we brought the failed PCI scan to 3dCart's attention, they did resolve the problem and a rescan has us back in compliance now. Your scanning service may not fail you for the same reason we were failed, it depends on a lot of criteria, but just be aware that it may happen.

I do have my website scanned by McAfee and it passes the PCI compliance. However, Merchant Warehouse did not even give me the option of having another service. They sent a note in the Oct bill that I would be charged $99 whether I used this ControlScan service or not. I have been going back and forth with them. They did say that if I proved I was compliant they would credit me $40. Even with my McAfee scan it looks like the only proof they will accept is from their partnership with ControlScan.

it's possible that McAfee PCI scan does not scan for specific things your bank is looking for. As I mentioned, we were failed PCI scan for things that other scans don't... Perhaps you can setup your own arrangement with the banks scanning service and save some money? Otherwise, it sounds like you may be stuck... sorry.