I think it was Visa processors that are causing this stink, Visa is trying to have CYA
On Wed, Oct 28, 2015 at 4:47 PM, Eric Kuhnke <eric.kuh...@gmail.com> wrote: > traffic between their credit card terminal and the processor should be > end-to-end encrypted. Audits of their network equipment would be required > for PCI compliance *if* they were storing card info in plaintext anywhere > on their LAN, which they are not. > > On Wed, Oct 28, 2015 at 11:54 AM, Ken Hohhof <af...@kwisp.com> wrote: > >> I have always heard of PCI compliance in terms of a business like a gas >> station where customers swipe cards at the pumps. >> >> But I have a customer with a credit card reader terminal in their office >> that is making this big fuss because they annually do a PCI audit >> apparently to avoid a $20/month fee from their credit card processor. >> Maybe I don't even realize we pay that, there is some $200/year PCI >> compliance fee we pay. >> >> Anyway, this is not where some auditors show up, but rather a cloud based >> scan they run from one of their computers until they pass, then they print >> out the report and send it in. >> >> And apparently the customer decided to have us replace Frontier and then >> do their annual scan the next day. They claim they passed every year >> previous, hard to believe the Frontier modem they were using as their >> router having username/password set to admin/admin was not an issue. Their >> first complaint to us was their WiFi password was not complex enough. >> Well, we just set it to what you were already using. Then they had some >> complaint about DNS. >> >> Now they are saying they have to report that we manage the router >> remotely, and that may be a problem. Is it? We close off everything but >> Winbox. It seems a lot more secure to me than having a web interface with >> admin/admin. I told the customer they are welcome to supply and manage >> their own router, but if they get a leased, managed router from us, well >> ... we manage it. Remotely. >> >> Has anyone dealt with this issue already? >> >> > -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
