Endpoint Protection

 View Only

  • 1.  Technical Support for servers in a PCI environment

    Posted Oct 06, 2015 12:42 PM

    Hi, I feel I need to relay a message to everyone in Symantec Support.

    When some of us call for assistance, please be sympathetic with us when we say that we cannot allow you to connect to our PCI (Payment Compliance Industry) servers because they are in an environment that is sensitive to credit card information and they do not have access to the Internet.

    I recently had the misfortune of having a problem with our PCI SEP server and I had to tell the representative repeatedly that I cannot allow him to connect to our servers, because they're in a sensitive non-Internet connected environment, and that we had to just describe what we were looking at to him.  The representave was taken aback with my suggestion and could not figure out why I would not allow him to access our PCI servers.  It's not that I won't allow him to connect, I simply cannot alow him to do so, it's not physically possible.

    It comes of no surprise now that PCI compliance has been in place for quite some time now that whenever Support asks to connect to your computer if you have a critical problem or issue, that one cannot simply take over a computer that's in a sensitive Payment Compliance Industry zone.  Fines for non-compliance are extremely expensive (I'm talking hundreds of thousands of dollars).

    I thank Symantec Support for all of the support they have given us in the past, but I ask that you please make sure everyone in Support is well aware that there are many companies who have to be PCI compliant and to please be patient to us when we describe what the problem is and how to support it without a remote connection.

    Thank you!

    Dan



  • 2.  RE: Technical Support for servers in a PCI environment

    Posted Oct 06, 2015 08:07 PM

    Hi Dan,

    It is not just you there are many other industries where they are restricted from sharing the remote desktop and as a support vendor they should/will understand the requirement most of the times. I am telling you this as a Ex Symantec Support Technician, that there is no mandatory requirement for the customer to share the desktop it is there just to save time for both the parties involved and it help them to be on the Same Page. That being said, many and times there are customer who simply say we cannot share our screen due to security reasons and I have honored it and to my knowledge its the case with all most all of the engineer. It could be possible that your case was handled by a newbie who isn't familiar about these requirements. Anyhow I would suggest you to share your case No here. So that Chetan or Pete or Mike who are still associated with Symantec can share the feedback to the engineer involved, so that no one else has to go through the same of what you have been through.



  • 3.  RE: Technical Support for servers in a PCI environment

    Posted Oct 07, 2015 12:32 AM

    Well Said Praveen