[Phpwm] PCI DSS security standard

Alex Mace alex at hollytree.co.uk
Thu Mar 27 11:07:22 GMT 2008


I used to work at a company called allpay.net and we had to be PCI  
compliant. From my understanding it goes further than that - if you  
are not compliant then they can fine you, but in reality that might  
just be down to you being liable for the fraud. I wasn't directly  
involved in the work but my recollection is that you cannot store  
credit card numbers in clear text and you should have an audit trail  
in place to identify access to the data.

Many people have left allpay.net for various reasons while that  
project was going on, so I'm sure I can find someone who can give you  
a hand if you need it?

On 27 Mar 2008, at 11:10, alan dunn wrote:

> We wonder if others in the group are familiar with the 'Payment Card  
> Industry Data Security Standard' and if so does anyone have any  
> experience of being audited or gaining compliance certification for  
> any customer apps they are hosting?
>
> Here is a direct quote from our client's email: "all companies which  
> handle credit card data must be PCI DSS compliant by the end of  
> March. This is the Payment Card Industry Data Security Standard  
> which all companies have to comply with. It’s all really technical  
> but the main point is that if you are not compliant then the  
> responsibility for any fraud sits with you and not with the banks"
>
> Here is a link: http://www.itgovernance.co.uk/pci_dss.aspx
>
> The issue of 'responsibility for fraud' certainly raises some  
> interesting contractual questions about the consequences of hosting  
> customer data - especially credit card data.
>
> alan dunn