Web Building

RE: Are you compliant with the new data-security laws?

acceptiva — Thu, 22 Mar 2007 22:52:00 GMT

Just a comment/correction to this article. The PCI DSS requirements do actually state that anyone that has a webpage that connects to a processor, even a third party processor, must meet the level 4 merchant requirements, i.e., questionnaire and annual scan. This means that finding a third party processor will NOT absolve you from the need to meet the level 4 requirements. The reason for this is that even though you may not store or process credit cards, it is still possible for crooks to access the server that hosts your webpage (that in-turn connects to the third party processor) and redirect traffic to a fraudulent site that looks like your third party processor site.

RE: Are you compliant with the new data-security laws?

marcial1 — Wed, 07 Mar 2007 14:39:00 GMT

Our organization doesn't accept payments online via credit card but we do process payments via our bank's ACH system. Is there published guidance on the requirements to protect this type of information and is there a self assessment questionaire available?

RE: Are you compliant with the new data-security laws?

eddschott — Wed, 07 Mar 2007 00:07:00 GMT

The information provided in this article seems to imply that these guidelines are for any organization that touches credit card data, not only organizations that take online credit card payments. It seems to me that this important article to should moved to a different category than "web building".

Are you compliant with the new data-security laws?

wcook — Thu, 01 Mar 2007 21:59:00 GMT

In his article New Laws for Organizations that Accept Online Payments, Andrew Conry-Murray writes that states and countries have recently created laws that require organizations that accept payments online to take certain measures to protect their constituents' data. After reading the article, feel free to share your questions or comments here.