Pci DSS

Walter D Vaughan Jr wvaughan at steelerubber.com
Fri Sep 20 07:08:30 PDT 2013


> -----Original Message-----
> From: On Behalf Of Fairlight
> Sent: Thursday, September 19, 2013 5:19 PM
> To: filepro-list at lists.celestial.com
> Subject: Re: Pci DSS

> Your absolute best bet is to let a payment gateway (PayPal, Authorize.net,
> Google, etc.) handle it, and make sure the numbers -NEVER- touch your
> systems.  Offload that exposure to the payment gateway, and steer clear of
> as much of the responsibility as possible.

[Walter D Vaughan Jr] 
While you can spend yourself broke to meet the data requirements, what you
will discover is that the social engineering aspect, unless it's part of your
DNA, will be much harder to deal with. Screens that lock when the user leaves
their keyboard, name badges for visitors, man traps, random wi-fi sweeps,
etc...

Mark is right, PCI is not a magic bullet.  What the current version of the
Self Assessment Form does is expose weaknesses in your security in a
non-threatening manner.

So that begs the question, is your business's primary function to be
security specialists or is it to sell goods and services? 


