> I think such motion from total ignorance to doing > "a piss-poor job" of security represents a huge > progress for such, mostly small, organizations.
There also many small companies that took one look at PCI and just gave up entirely and outsourced anything that was in scope for compliance to a larger company that specialized in payment processing. I can't tell you how many busted shopping carts we've replaced with PayPal checkout. When their online stores were built six or seven years ago, security wasn't as much of a problem. Now, they see the cost of keeping processing on their own site and go ahead with moving checkout to another service. They don't get the "prestige" of having the checkout on their site, but their customers are a whole lot safer as a result. -Justin Scott _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
