[Novalug] PCI compliance

John Franklin franklin@elfie.org
Thu Sep 17 19:02:53 EDT 2009


On Sep 17, 2009, at 4:45 PM, Nick Danger wrote:

> Is anyone on the list familiar with PCI Compliance? I had to do it a
> bunch of years ago but it seems the rules have changed a bit. I have a
> few questions about it all not entirely technical so let me know if
> you've done the process lately. I would like to pick your brain :-)


I have been looking at taking credit card payments, which necessitates
an understanding of PCI compliance.  The advice I get over and over
again is to let someone else worry about it.  There are plenty of
shopping carts and wireless devices out there that are certified and
managed by companies that do nothing but credit card processing and
therefore worry about PCI compliance.  Done right, you'll never see
the full card number, and therefore your threat exposure profile is
near zero.

In a past life I had to be familiar with it, but only because PCI is  
an industry "best practice" and we wanted to ensure we weren't missing  
something.  At the time, the PCI requirements were high-level items  
like "a policy for updating systems in a timely manner" without  
defining how up to date they had to be nor how long was considered "a  
timely manner."

jf