cancel
Showing results for 
Search instead for 
Did you mean: 

PCI Compliance failing?

Raymo
Member

For the past 2 years I have followed the strict guidelines set out by the PCI Security Standards council https://www.pcisecuritystandards.org/smb/

 

After my most recent scan which I carried out last week I was informed that the PCI compliance test had failed (every time previous I complied) It took some time to identify the reason and turns out that certain ports were open on my BT Business Hub. Upon further investigation it turns out that the ports are used to run diagnostics and firmware updates. There is no way to manually close these ports down so I called BT. The technical guy I spoke to was really helpful but was shocked to hear that I had failed my compliance due to this, that no one has raised this as an issue before and that BT had no plans in the future to close these ports down. So I find myself in a situation. I have contacted the PCI technical support and they are investigating. My possible option would be to buy a 3rd party router but how can I be sure that all the manufactures do not require open ports for upgrades. Equally I find myself asking the question 'why am I paying BT for a service which is now not fit for purpose'.  Has anyone out there experienced anything similar. Would love to hear! 

1 REPLY 1

RyanJames
BT Employee
BT Employee

Hi Raymo

 

Very sorry to hear you have been having trouble with the PCI.

 

From time to time we get calls from customers saying that their credit card company has run a scan and the router has failed PCI compliance, if they failed because it shows that ports open and they want those ports to be  closed then it depends on what ports are being shown as open. If the following ports are being shown open then we are not able to close them as they required for ongoing maintenance  and updates of our routers as you mentioned.

 

The ports for hub 3 and 5 are 161& 4567 
The ports for Hub 2701 is 50,001 & 3479

The ports for the smart hub 6 are 7547

 

The BT Business Hub has additional layers of security in place to prevent any malevolent actions in the regards to the Hub and our router are fully PCI Compliant.

 

If you just make your checkers aware of this, all should be good 🙂

 

I hope this helps shed some light!

 

~Ryan