[Novalug] PCI compliance
John Franklin
franklin@elfie.org
Thu Sep 17 19:02:53 EDT 2009
On Sep 17, 2009, at 4:45 PM, Nick Danger wrote:
> Is anyone on the list familiar with PCI Compliance? I had to do it a
> bunch of years ago but it seems the rules have changed a bit. I have a
> few questions about it all not entirely technical so let me know if
> you've done the process lately. I would like to pick your brain :-)

I have been looking at taking credit card payments which necessitates
an understanding of PCI compliance. The advice I get over and over
again is to let someone else worry about it. There are plenty of
shopping carts and wireless devices out there that are certified and
managed by companies that do nothing but credit card processing and
therefore worry about PCI compliance. Done right, you'll never see
the full card number, and therefore your threat exposure profile is
near zero.

In a past life I had to be familiar with it, but only because PCI is
an industry "best practice" and we wanted to ensure we weren't missing
something. At the time, the PCI requirements were high-level items
like "a policy for updating systems in a timely manner" without
defining how up to date they had to be nor how long was considered "a
timely manner."

jf