
What do you think of this?

A client of mine forwarded me an email from PayPal. They use PayPal as well as holding credit card data that's AES-encrypted in the database. The people who pay with PayPal have all their card info on PayPal's server.

Thank you for choosing PayPal for your payment processing needs. Please review this email for action you must take to meet industry compliance requirements and maintain your account status at PayPal.

Why am I getting this notification?
This notification is to prompt you to take action to meet Payment Card Industry (PCI) standards within your business. As your processor of payment card transactions, PayPal must validate your compliance to these industry mandated requirements.

What are the security standards my business needs to meet?
The PCI mandates that you meet minimum online security requirements. This means enrolling with a Visa and MasterCard-certified security vendor for PCI certification services consisting of Quarterly Security Scanning of your office and store Internet connections as well as your website, plus the completion of a Security Self-Assessment Questionnaire.

Additional information on the security standards can be found at:

More information on the MasterCard and Visa security programs can be found at the following sites:
- Visa USA -
- MasterCard -

How does my business become - and stay - compliant?
4 steps to staying PCI compliant:
- Complete and pass the annual security self-assessment questionnaire.
- Complete and pass quarterly security scans of your internet infrastructure.
- Get your certificate of compliance.
- Fax your certificate to PayPal at (303)395-2821.

and it goes on about having 30 days to comply or else PayPal will stop card processing.

I googled the phone number to verify it, and its #1 hit was
which indicates 2 people reported it as fake:

John reported Fake Paypal from 303-395-2821 as a Scammer/Fraudster
Aug 26th 2010 - 10:41:07pm PDT

Sends fake e-mail to PayPal users for PCI certification. It is fake.

and #2 was
which is a page that asks for your PayPal login info.

This page indicates PayPal and Panoptic have a partnership.

What are your thoughts? I'm suspicious.
I actually work at Panoptic, and while I can't tell you anything about whether or not this PayPal message is indeed valid, I do know that Panoptic has a relationship with PayPal and they recommend (although certainly don't require) that merchants use Panoptic to get compliant. We have gotten many PayPal users compliant while I have been at Panoptic. PCI compliance is something that everyone is cracking down on, and if you are a level 3 merchant (ecommerce, more than 20K and less than 1MM transactions per year), PayPal gets fined every month you are not compliant. Just thought I would chime in since I represent the Panoptic side of this partnership. If you are suspicious or have questions, you should call your PayPal rep directly and ask them what you need to do to become compliant and what the ramifications are if you choose not to.
Fire Boar
PayPal always uses your full name in the salutation: "Dear Joseph Bloggs" or whatever. If you don't see that, then the email is fake, but that's only an acid test. If you are still unsure, the best bet is to visit the PayPal website directly (not via a link in an email), find the contact details, get in touch and verify its authenticity.
The client called PayPal and they confirmed it was real.

I'm working with them on the Panoptic stuff.

I did things like forcing the backend login to use their SSL and adding 90-day password expiration.

I could really use a checklist of software requirements, but they're scattered across various documents.
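The two backend changes mentioned above (forcing the admin login onto SSL and expiring passwords after 90 days) in PHP, as an added example. This is not code from the original poster or from PayPal/Panoptic; the `admin_users` table, its `password_hash` and `password_changed_at` columns, and the presence (or not) of a TLS-terminating proxy are assumptions, and the PDO connection details are placeholders.

```php
<?php
// Added example, not from the original post. Assumes a MySQL table
//   admin_users(id, username, password_hash, password_changed_at DATETIME)
// where password_changed_at is stored in UTC and password_hash comes from password_hash().
declare(strict_types=1);

const PASSWORD_MAX_AGE_DAYS = 90;

/**
 * True when the request arrived over TLS. Checks the server variable first and,
 * only when a trusted TLS-terminating proxy sits in front of the app, the
 * X-Forwarded-Proto header it sets. Never trust that header without such a proxy:
 * any client can send it.
 */
function isHttps(array $server, bool $behindTrustedProxy = false): bool
{
    if (!empty($server['HTTPS']) && $server['HTTPS'] !== 'off') {
        return true;
    }
    if ($behindTrustedProxy
        && isset($server['HTTP_X_FORWARDED_PROTO'])
        && strtolower($server['HTTP_X_FORWARDED_PROTO']) === 'https') {
        return true;
    }
    return false;
}

/** Bounce plain-HTTP requests to the HTTPS URL; on HTTPS, pin browsers there with HSTS. */
function requireHttps(bool $behindTrustedProxy = false): void
{
    if (!isHttps($_SERVER, $behindTrustedProxy)) {
        $target = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
        header('Location: ' . $target, true, 301);
        exit;
    }
    header('Strict-Transport-Security: max-age=31536000; includeSubDomains');
}

/**
 * True when the password set at $changedAt (UTC DATETIME string) is older than
 * $maxAgeDays. A change date in the future is treated as expired rather than trusted.
 */
function passwordExpired(string $changedAt, DateTimeImmutable $now,
                         int $maxAgeDays = PASSWORD_MAX_AGE_DAYS): bool
{
    $changed = new DateTimeImmutable($changedAt, new DateTimeZone('UTC'));
    if ($now < $changed) {
        return true;
    }
    return $changed->diff($now)->days >= $maxAgeDays; // whole days elapsed
}

/**
 * Returns 'invalid', 'expired' or 'ok'. Unknown user and wrong password share one
 * failure path so the response does not reveal which usernames exist. An expired
 * password verifies but does not get a session: the caller must force a change first.
 */
function login(PDO $db, string $username, string $password): string
{
    $stmt = $db->prepare(
        'SELECT id, password_hash, password_changed_at FROM admin_users WHERE username = ?'
    );
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($user === false || !password_verify($password, $user['password_hash'])) {
        return 'invalid';
    }
    $now = new DateTimeImmutable('now', new DateTimeZone('UTC'));
    if (passwordExpired($user['password_changed_at'], $now)) {
        return 'expired';
    }
    // Session cookie only ever travels over TLS and is not readable from JavaScript.
    session_set_cookie_params(['secure' => true, 'httponly' => true, 'samesite' => 'Strict']);
    session_start();
    session_regenerate_id(true); // fresh id on privilege change, defeats session fixation
    $_SESSION['admin_id'] = (int) $user['id'];
    return 'ok';
}

// Usage on the backend login page (connection details are placeholders):
requireHttps();
$db = new PDO('mysql:host=localhost;dbname=shop;charset=utf8mb4', 'dbuser', 'dbpass',
              [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$result = login($db, $_POST['username'] ?? '', $_POST['password'] ?? '');
```

When a password is changed, update `password_changed_at` to the current UTC time in the same statement that writes the new hash, otherwise the 90-day clock never restarts; keeping the timestamp in UTC avoids the off-by-hours drift that comes from mixing server local time with MySQL `NOW()`.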

© 2005-2011 Frihost, forums powered by phpBB.