PCI compliance

Eventually, every ecommerce company hits the crossroads where PCI compliance goes from being a nice to have to being a need to have. Of course, those in charge say everyone must be compliant regardless of size, but who are they trying to fool? They're not going to waste time auditing someone doing $10,000/year online. Hackers probably won't waste their time on those people, either.

The part that makes compliance tough is the moving target. Come July, there are a whole new batch of standards that merchants need to follow or risk huge fines. Not only that, they could possibly lose their ability to process credit cards. I doubt that, though, or someone like TJX would have lost their card processing abilities.

Personally, I'm in the middle of buying application firewalls. That sure beats pushing everything through a third party code audit if you ask me, but either is very pricey.

So, do any of you reading this have any opinions on app firewalls? Good brands? Bad? Features? Reliability?


Popular posts from this blog

Yii multiple select dropdownlist with default values

Audition results

Another audition