Comments on: When It Comes To PCI Compliance, Franchisors Are Screwed http://storefrontbacktalk.com/securityfraud/when-it-comes-to-pci-compliance-franchisors-are-screwed/ Techniques, Tools and Tirades about Retail Technology and E-Commerce Sun, 20 May 2012 01:49:40 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: PoS Manager http://storefrontbacktalk.com/securityfraud/when-it-comes-to-pci-compliance-franchisors-are-screwed/comment-page-1/#comment-64260 PoS Manager Fri, 18 Dec 2009 16:12:39 +0000 http://www.storefrontbacktalk.com/?p=4424#comment-64260 It's a really good point. There's so much involved with compliance. Just because the PoS software is PA-DSS, doesn't mean the entire hardware solution is. Just because the physical devices are, doesn't mean the user is using 'best practices' and eating the PCI dogfood. Obviously, no one really wants to take responsibility, and it usually falls on the person who has the least to lose, but also is the least capable of achieving proper implementation. It’s a really good point. There’s so much involved with compliance. Just because the PoS software is PA-DSS, doesn’t mean the entire hardware solution is. Just because the physical devices are, doesn’t mean the user is using ‘best practices’ and eating the PCI dogfood.

Obviously, no one really wants to take responsibility, and it usually falls on the person who has the least to lose, but also is the least capable of achieving proper implementation.

]]> By: Joe http://storefrontbacktalk.com/securityfraud/when-it-comes-to-pci-compliance-franchisors-are-screwed/comment-page-1/#comment-64255 Joe Thu, 17 Dec 2009 14:55:23 +0000 http://www.storefrontbacktalk.com/?p=4424#comment-64255 What a complicated situation. We provide our independent dealers with a POS system that is integrated with credit card processing back to FD through dedicated circuit. The router in the stores are on different connection types and connect back to the system through VPN. These dealers are completely uninformed about PCI and are looking to us to make the issue go away. The temptation (and even the suggestion by a FD customer service person) is to just answer "yes" to the online self assessment on questions that you aren't sure of the answer. All these retailers are level 3 or 4 and wouldn't need an onsite audit, but they don't even understand what the issue is. Those clunky old hyperterminals on dialup look a little more attractive these days :/ What a complicated situation. We provide our independent dealers with a POS system that is integrated with credit card processing back to FD through dedicated circuit. The router in the stores are on different connection types and connect back to the system through VPN. These dealers are completely uninformed about PCI and are looking to us to make the issue go away. The temptation (and even the suggestion by a FD customer service person) is to just answer “yes” to the online self assessment on questions that you aren’t sure of the answer. All these retailers are level 3 or 4 and wouldn’t need an onsite audit, but they don’t even understand what the issue is.

Those clunky old hyperterminals on dialup look a little more attractive these days :/

]]>