[Phpwm] PCI DSS security standard

Mr Phil E. Taylor phil at phil-taylor.com
Thu Mar 27 11:15:29 GMT 2008


I have been directly responsible for securing servers/networks to the
PCI DSS Standard.

The worst-case scenario is that Visa/Mastercard can actually ban your
company for life from accepting Visa/Mastercard if you fail to comply!
But it's rarely taken that far - normally fines.

If you accept credit card numbers submitted in a form on your site then
you need to be PCI certificated - period.

Kindest regards

alan dunn wrote:
> We wonder if others in the group are familiar with the 'Payment Card
> Industry Data Security Standard' and if so does anyone have any
> experience of being audited or gaining compliance certification for any
> customer apps they are hosting?
> Here is a direct quote from our client's email "all companies which
> handle credit card data must be PCI DSS compliant by the end of March.
> This is the Payment Card Industry Data Security Standard which all
> companies have to comply with. It’s all really technical but the main
> point is that if you are not compliant then the responsibility for any
> fraud sits with you and not with the banks"
> Here is a link: http://www.itgovernance.co.uk/pci_dss.aspx
> The issue of 'responsibility for fraud' certainly raises some
> interesting contractual questions about the consequences of hosting
> customer data - especially credit card data.
> alan dunn