[Phpwm] PCI DSS security standard
Mr Phil E. Taylor
phil at phil-taylor.com
Thu Mar 27 11:15:29 GMT 2008
I have been directly responsible for securing servers/networks to the
PCI DSS Standard.
The worst case scenario is that Visa/Mastercard can actually ban your
company for life from accepting Visa/Mastercard if you fail to comply!
But it's rarely taken that far - normally fines.
If you accept credit card numbers submitted in a form on your site then
you need to be PCI certificated - period.
alan dunn wrote:
> We wonder if others in the group are familiar with the 'Payment Card
> Industry Data Security Standard' and if so does anyone have any
> experience of being audited or gaining compliance certification for any
> customer apps they are hosting?
> Here is a direct quote from our client's email "all companies which
> handle credit card data must be PCI DSS compliant by the end of March.
> This is the Payment Card Industry Data Security Standard which all
> companies have to comply with. It’s all really technical but the main
> point is that if you are not compliant then the responsibility for any
> fraud sits with you and not with the banks"
> Here is a link: http://www.itgovernance.co.uk/pci_dss.aspx
> The issue of 'responsibility for fraud' certainly raises some
> interesting contractual questions about the consequences of hosting
> customer data - especially credit card data.
> alan dunn