> Ya, PCI compliance isn't that hard, especially if you're starting
> from the ground up. Getting certified with a gateway is pretty easy.
> I've worked with Chase, Webauthorize and Moneris in the past and
> it's all pretty easy to do.

None of it is inherently "hard"; it's just a lot of things to cover and keep tabs on (having an incident response plan, monitoring the code for changes, reviewing firewall rules periodically, handling management of encryption keys, the list goes on and on). Some of the clients I've worked with thought they were compliant because they required admin users to change their passwords regularly, but it goes well beyond things like that in the code of the application itself.

My advice to anyone doing e-commerce is to get involved in the PCI process from the very beginning and make sure it won't come back to haunt you in the future.

-Justin
