Just saw Ken's post about PCI compliance and didn't want to hijack that thread. 
 PCI compliance when it first came out was mandated by the credit card 
processor, about $20/mo and included some quarterly scans for vulnerabilities 
or exploits.  We've switched processors a few times and realized that no one 
has asked us about PCI compliance for years.  Looked into purchasing PCI 
auditing from McAfee and it's $1k a year, and involves an extremely intensive 
questionnaire of the company plus serious internal documentation of policy etc. 
 Basically, PCI compliance got a lot more legit and expensive.  Just wondering 
what everyone else is doing?  Grandfathered the old low-tech quarterly scan, 
nothing at all, or are you on board with this newer intense PCI compliance?

Thanks,
`S
