Good advice.

On Tue, Dec 8, 2009 at 1:50 PM, Justin Scott <[email protected]> wrote:

> > Ya, PCI compliance isn't that hard, especially if you're starting
> > from the ground up. Getting certified with a gateway is pretty easy.
> > I've worked with Chase, Webauthorize and Moneris in the past and
> > it's all pretty easy to do.
>
> None of it is inherently "hard" it's just a lot of things to cover and keep
> tabs on (having an incident response plan, monitoring the code for changes,
> reviewing firewall rules periodically, handling management of encryption
> keys, the list goes on and on). Some of the clients I've worked with
> thought they were compliant because they required admin users to change
> their passwords regularly, but it goes well beyond things like that in the
> code of the application itself. My advice to anyone doing e-commerce is to
> get involved in the PCI process from the very beginning and make sure it
> won't come back to haunt you in the future.
>
> -Justin

Archive: http://www.houseoffusion.com/groups/cf-community/message.cfm/messageid:309213
