"For example, a requirement of the Payment Card Industry (PCI) Data Security Standard (DSS) is that "only one primary function (exists) per server." Reasonable answers to such requirements must first be sought out, Dahn said."
Thank you. It's about time somebody said something about this ridiculous requirement. All this does is ensure that smaller companies cannot be compliant. But then, maybe that's what the card companies want.
Fines could be a pretty lucrative form of income. Sort of like the way they shortened the duration from the time their invoices are mailed and payment is overdue, and thus increased their late fee income by 30%.
If card companies really wanted to help small businesses they would be providing tools to help them become compliant instead of levying large fines. In fact, why don't they provide a service to store ALL card information and let merchant web sites connect to that using an authorized token? I mean, they already store it. Who knows how to protect card data better than the card companies?
Link to this comment: http://www.securityfocus.com/comments/newsbriefs/927/2856#2856