[AusNOG] Security for CC details of new signups

Adrian Pronczak adrian at psionyde.net
Tue Jul 6 10:24:16 EST 2010


Doesn't that kind of defeat the purpose of the audit?

Most "smaller merchants" would likely only have 1 security focussed staff
member, and you can hardly audit yourself. Definitely not to a level that
would make me feel safe about handing over CC details.

Although the last audit I went through seemed more like an exercise in
producing doco spiel rather than actual security...

-Adrian

On Tue, Jul 6, 2010 at 10:21 AM, Chris Jones <chrisj at aprole.com> wrote:

> On 06-Jul-2010, craig at askings.com.au wrote:
> > > But seriously, +1 for PCI-DSS, make it mandatory.
> >
> > My understanding is that PCI-DSS is mandatory for all CC merchants that
> > store credit card details. Your choice is to get audited etc or outsource to
> > someone that already has been.
>
> Don't necessarily need to audit.  Unless it's changed in the last year,
> most smaller merchants have the option to "self-audit", rather than having a
> third party come in and do an external audit.
>
> Regards,
>
> Chris