Timeline for PCI Compliance guidance
Current License: CC BY-SA 3.0
8 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Jan 30, 2012 at 2:28 | history | tweeted | twitter.com/#!/StackSecurity/status/163810866930794496 | ||
| Jan 25, 2012 at 13:01 | vote | accept | mr12086 | ||
| Jan 25, 2012 at 12:13 | comment | added | Cheekysoft | Also fear the fines: "Visa determined that the total cost of the liability for [the small Utah family restaurant's] non-compliance was $1.33 million, but ultimately set the fine at $55,000." --An interesting legal countercase has ensued wired.com/threatlevel/2012/01/pci-lawsuit | |
| Jan 25, 2012 at 12:07 | comment | added | Cheekysoft | You will have to either (a) redirect to the remote enter-card-details page [my preferred solution if I can co-brand the page]; or (b) embed it as an iframe [my preferred solution if the bank doesn't frame-bust and doesn't allow you to co-brand the pay page]. Many banks' products can be made to feel pretty seamless. Arguably, the user may trust a major bank more than your organisation, too. | |
| Jan 25, 2012 at 9:28 | comment | added | mr12086 | Am I correct in thinking the only possible way for this is to not let the client enter their card details into my forms, but to have them redirected to a card processor's website entry form? | |
| Jan 24, 2012 at 15:45 | comment | added | Cheekysoft | If you can in any way avoid taking the credit card data yourself, everyone involved will thank you. PCI compliance is not to be taken lightly and carries continuous costs and continuous independent assessments. One of the reasons it exists is to make the option of using your merchant bank's existing online solution more attractive. | |
| Jan 24, 2012 at 14:26 | answer | added | logicalscope | timeline score: 4 | |
| Jan 24, 2012 at 9:00 | history | asked | mr12086 | CC BY-SA 3.0 |