Yeah, that sort of thing is concerning. Hopefully they'll have requirements that scale with the size of the company like they do for PCI. If not then it means for things like OFBiz that it will be more expensive when it is possible, and that smaller services companies will have a hard time competing, which would be a real shame.

On the other hand, it would open up a market for those who do these, and perhaps if they specialize in doing these audits for a particular software package they can get the price down from these astronomical highs.

I haven't looked into what other CC companies are doing about it, but maybe this will be a big break for cards that are not either "Visa" or "MasterCard"... ;) Wouldn't that be funny, online shops that only take AmEx and Discover instead of usually not accepting those.

Realistically, as was mentioned, it would probably mean more companies using external payment processing like PayPal, Google Checkout, etc, etc. With PCI stuff getting more teeth lately I've even heard from a few moderately sized shops that are going in this direction (i.e. no local CC storage whatsoever).

-David


On May 24, 2009, at 6:04 AM, Sam Hamilton wrote:

I had never heard of PA-DSS until I bumped into this blog post - 
http://www.merchantaccountblog.com/735/pa-dss-and-you-thought-pci-was-a-mess
It's a scary beast that has the potential to rip the heart out of open source e-commerce if the credit card companies come down hard requiring this.
If you use the ecommerce app I would have a good read of this.

Sam

