Friday 27 March 2015

PCI DSS fail part 2

So I signed up with the new "Saferpayments" web site. Here's what the letter said: "Worldpay's new SaferPayments programme which is designed to make confirming compliance with the PCI DSS quicker and easier".

With the way it worked before, it was my responsibility to make my server secure - that's fine. Trustwave would test my server, and pass the results over to Worldpay; I didn't have to do anything else. Computer talking to computer. No need for me to act as a kind of courier.

With the new system, I have to log on to Trustwave, download the compliance report, log on to Worldpay, and upload that compliance report. In other words, they've made it slower and less easy.

And remember, 80% of people taking credit cards aren't actually compliant with the PCI DSS!
