5 posts • joined Thursday 21st October 2010 13:41 GMT
No wonder security is poor...
...if this load of comments is indicative of the general understanding of PCI DSS & security in general.
"if you use an off-the-shelf package, it's supposed to be PCI-DSS certified. But if you use something bespoke, you can exempt it from this requirement and just self-certify it." - RUBBISH! The point of PA-DSS is to ensure that off-the-shelf payment application software can be set up and maintained in a PCI DSS compliant manner. Far too many off-the-shelf packages actually prevent achieving PCI compliance because they do something stupid, like intentionally store CVV2 values. It is a way of getting vendors to produce software that does what it needs to do from a security perspective. If you develop the software yourself, then you can make sure the software does what is needed yourself.
"The form required is too complex for a small business that only uses a PDQ terminal." - then you are using the wrong form (there are five of them, one of them specifically for PDQ terminals).
"The cost of becoming PCI-DSS compliant is extortionate for most businesses. Most small and medium-sized enterprises would be put out of business if they were forced to become PCI-DSS compliant." - There are a whole load of things that can be done for free or at minimal cost to facilitate compliance. It does not require a £10k firewall or a 12-month Identity & Access Management programme (though some will try and convince you it does).
The truth of the matter is that most companies' perceptions of their own security are far from their actual reality. I have seen e-commerce merchants with no anti-virus at all, corporates running web servers on platforms that went end-of-life years ago and even banks with absolutely no security audit logging on their systems.
Keep telling yourselves PCI is a joke if that's what you want to believe, but without it, security for most companies will only improve after the horse has bolted.
If in doubt, ban it.
I could use an altimeter as the detonation trigger. Maybe we should ban all planes from flying above 1000 feet?
Instead of banning everything for everyone every time, wouldn't it be wiser to scan packages for explosives?
Here we go again
"Oh no!! Apple wants to sell some more stuff. Quick, let me tell the world how much I hate them"
I feel the same way about cars. Bloody Mercedes/Porsche/Ferrari making expensive motors when I can get a cheaper, more economical Ford/Mazda/Honda.
If you don't like it, DON'T BUY IT!
Keep calm and carry on.
Do BT still publish phone books?