
Re: [LUG] PCI Compliance


Gordon Henderson wrote:
> 
> Basically, the banks are bullying customers into having this (and paying
> for it), even when they do not store, even temporarily, credit card
> details.

I think a lot of the banks just appointed 3rd party companies who are
keen to milk the bank's customer base for as much cash as possible.
Whether the banks are profiting from this is unclear to me.

Most should read the documentation carefully, as in most cases you can
literally tick a box saying "we don't store credit card numbers", and
write to the bank, and that is it.

> Still - you can get PCI compliant hosting for £1.59 a month if you look
> hard enough, so what value does that place on the market?

Our bank's preferred testing company uses Nessus, and appears to use the
free rule-set. They failed us on some test, which turned out to be a
known bug in Nessus, so they aren't even adding value to Nessus by
disabling broken tests promptly.

But that the cost of such isn't high, doesn't mean there isn't value,
even if that value is relatively small.

Also I think it is a reasonable question if a site is secure, even if
usually the transactions are handled by someone else (Paypal), as if it
is insecure crackers could direct folk to a fake site and steal
credentials that way.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html