I know the mandates have gotten stricter after they have been released.  It 
sounds like you've been dealing with it longer than I have.

Without a doubt a lot of compliance issues have very little to do with coding, 
but rather relate to administrative type of issues for how data is handled and 
stored.

If you're writing and selling POS software, but not actually using that 
software itself, your steps to create PCI compliant software will be a lot 
simpler than the company who buys and uses your software.

--- In flexcoders@yahoogroups.com, Lee Jenkins <l...@...> wrote:
>
> Jeff wrote:
> >  
> > 
> > That is unequivocally wrong.
> 
> As I said, that was my understanding and it was so when the mandate was first 
> released, but I assume that it was phased out in one of the steps to full 
> PCI/DSS or maybe it is different for web facing models?  I'll ask my 
> compliance rep next time I speak with him.  Thanks for the heads up.
> 
> > However, depending what you're doing there are different levels of 
> > Compliance. Since you are storing credit cards; I thought you get bumped 
> > up to the highest level of compliance.
> > 
> > DotComIt ( Flextras ) does a self assessment questionnaire and a 
> > quarterly web site scan to remain compliant. We store no CC info.
> > 
> > PCI Compliance issues also directed some of our development decisions. 
> > For example, credit card info is never displayed to the screen even in 
> > receipts. When in memory, it is encrypted; I believe using a session 
> > specific key. When a purchase is complete the CC info is deleted from 
> > memory, thus minimizing the amount of time our server touches the CC info.
> > 
> 
> I write point of sale software and with the exception of documentation issues 
> and other issues unrelated to the software itself, it has been functionally 
> compliant well before the mandate was released.  That has made our own 
> compliance process easier.
> 
> Frankly, I could never understand why a developer writing any application 
> like that would not do the minimum steps to secure data.
> 
> --
> Warm Regards,
> 
> Lee
>

