[Phpwm] PCI DSS security standard

[Mr Phil E. Taylor]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have been directly responsible for securing servers/networks to the
PCI DSS Standard.

The worse case scenario is that Visa/Mastercard can actually ban your
company for life from accepting Visa/Mastercard if you fail to comply!
But its rarely taken that far - normally fines.

If you accept credit card numbers submitted in a form on your site then
you need to be PCI certificated - period.

Kindest regards
Phil.

alan dunn wrote:
> We wonder if others in the group are familiar with the 'Payment Card
> Industry Data Security Standard' and if so does anyone have any
> experience of being audited or gaining compliance certification for any
> customer apps they are hosting?
> 
> Here is a direct quote from our client's email "all companies which
> handle credit card data must be PCI DSS compliant by the end of March.
> This is the Payment Card Industry Data Security Standard which all
> companies have to comply with. It’s all really technical but the main
> point is that if you are not compliant then the responsibility for any
> fraud sits you with you and not with the banks"
> 
> Here is a link: http://www.itgovernance.co.uk/pci_dss.aspx
> 
> The issue of 'responsibility for fraud' certainly raises some
> interesting contractual questions about the consequences of hosting
> customer data - especially credit card data.
> 
> alan dunn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFH64H9qMeBFexeHdIRAnIhAJ0XBXwVWoevS+eTwEnT9pgQbkTDXwCghDQW
Sg3imEg6mSXTWHy40cKYpO8=
=sf05
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5305 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.lug.org.uk/pipermail/phpwm/attachments/20080327/cd5bd5f8/smime.bin