* Posts by Syn1c

5 posts • joined 21 Oct 2010

Firms are RUBBISH at payment security

Syn1c

No wonder security is poor...

...if this load of comments is indicative of the general understanding of PCI DSS & security in general.

"if you use an off-the-shelf package, it's supposed to be PCI-DSS certified. But if you use something bespoke, you can exempt it from this requirement and just self-certify it." - RUBBISH! The point of PA-DSS is to ensure that off-the-shelf payment application software can be set up and maintained in a PCI DSS compliant manner. Far too many off the shelf packages actually prevent achieving PCI compliance because they do something stupid, like intentionally store CVV2 values. It is a way of getting vendors to produce software that does what it needs to do from a security perspective. If you develop the software yourself, then you can make sure the software does what is needed yourself.

"The form required is too complex for a small business that only uses a PDQ terminal." - then you are using the wrong form (there are five of them, one of them specifically for PDQ terminals).

"The cost of becoming PCI-DSS compliant is extortionate for most businesses. Most small and medium sized enterprises would be put out of business if they were forced to become PCI-DSS compliant" - There are a whole load of things that can be done for free or at minimal cost to facilitate compliance. It does not require a £10k firewall or a 12 month Identity & Access Management programme (though some will try and convince you it does).

The truth of the matter is that most company's perceptions of their own security are far from their actual reality. I have seen e-commerce merchants with no anti-virus at all, corporates running web servers on platforms that went end-of-life years ago and even banks with absolutely no security audit logging on their systems.

Keep telling yourselves PCI is a joke if that's what you want to believe, but without it, security for most companies will only improve after the horse has bolted.

0
0

Elgato Tivizen iOS Wi-Fi TV tuner

Syn1c

Why pay £150?

...when you can watch TV on any mobile device through http://www.tvcatchup.com/

1
0

Aircraft bombs may mean end to in-flight Wi-Fi, mobile

Syn1c

If in doubt, ban it.

I could use an altimeter as the detonation trigger. Maybe we should ban all planes from flying above 1000 feet?

Instead of banning everything for everyone every time, wouldn't it be more wise to scan packages for explosives?

0
0

Apple rolls out two new MacBook Air models

Syn1c

Here we go again

"Oh no!! Apple wants to sell some more stuff. Quick, let me tell the world how much I hate them"

I feel the same way about cars. Bloody Mercedes/Porsche/Ferrari making expensive motors when I can get a cheaper, more economical Ford/Mazda/Honda.

If you don't like it, DON'T BUY IT!

4
0

Crown Paint probed by ICO for 'possible' online data breach

Syn1c

Keep calm and carry on.

Do BT still publish phone books?

0
5

Forums