[Phpwm] PCI DSS security standard

alan dunn alan at dunns.co.uk
Thu Mar 27 10:42:21 GMT 2008


We wonder if others in the group are familiar with the 'Payment Card 
Industry Data Security Standard' and if so does anyone have any 
experience of being audited or gaining compliance certification for any 
customer apps they are hosting?

Here is a direct quote from our client's email "all companies which 
handle credit card data must be PCI DSS compliant by the end of March. 
This is the Payment Card Industry Data Security Standard which all 
companies have to comply with. It’s all really technical but the main 
point is that if you are not compliant then the responsibility for any 
fraud sits with you and not with the banks"

Here is a link: http://www.itgovernance.co.uk/pci_dss.aspx

The issue of 'responsibility for fraud' certainly raises some 
interesting contractual questions about the consequences of hosting 
customer data - especially credit card data.

alan dunn