On Wed, Nov 25, 2009 at 8:59 PM, [email protected] < [email protected]> wrote:
> Can you help me understand what the PA DSS is all about? Is the
> payment card industry creating a list of "approved" shopping cart
> systems and wants all shopping cart developers to fork out $1250 to be
> on a list?

Basically, yes, you have it correctly. It costs a minimum of $1250 to list a cart as approved.

More than that, though. The easiest, fastest way to be approved is to have an audit run by a certified PSA-QSA company. Seems to be about as hard as getting a CNA (not hard at all, just take classes and be good at memorizing). So there are the audit fees, and the joy of dealing with the auditors, who are almost certainly non-programmers who think they know much more about programming and security than "you" do.

Security is *hard*, and it isn't something you can buy, nor is it something that works well with explicit rules. It is something you build into the process at your company and for your implementation. The specific cart software you use is possibly 10% of the potential problems.

However, we have no choice. Toe the line or face losing your merchant account.

So, the PSA DSS initiative seems to be a nice way to rack up a few more dollars, close out the small competitors, and look like you are standing up for security. Bleah.

--
Bruce Kroeze
http://www.ecomsmith.com
It's time to hammer your site into shape.
