A claim has been made by a small business owner that if the Payment Card Industry Data Security Standard (PCI DSS) regulations were enforced, it would "cripple" such enterprises.

Writing on the philosecurity blog, author Sherri Davidoff interviewed 'Mike', the owner of a mid-sized web-hosting company, who talked about the effects of PCI DSS on web hosting companies and the small online merchants who are his customers. When she asked what the impact of PCI DSS was on small businesses, he claimed that "if it continues to be generally ignored by the vast majority of small merchants and small hosting companies, then the impact will be slow and steady".

He said: "It's a matter of how aggressive the credit card processors and the PCI Security Standards Council (SSC) themselves decide to get on their customers. Sure, my payment processing company could decide to demand from me an attestation of compliance. They could hold this over my head and say 'we will revoke your credit-card processing privileges if you do not submit your attestation of compliance'.

"Imagine us asking thousands and thousands of customers who have previously been on auto-pay to 'please, hand-write me a cheque from now on', and customers in 40-something countries. Good luck."

When asked if regulations would put him out of business, he commented that "it might not kill us, but it would cripple us".

He said: "But that credit card processor, in making that decision to revoke our privileges, would of course be cutting themselves out of thousands of dollars of revenue every month that we paid them. They would be killing one of their customers. So, they're torn in two directions."

He also claimed that the PCI SSC would not have been able to take appropriate input from merchants, as 95 per cent of merchants would not have been capable of providing substantive technical feedback to the committee. When asked why, he said: "Because 95 per cent of merchants are not technical operations. They are businesses that are selling coffee on the corner, or they are selling widgets, and their cardholder data environment doesn't consist of much but a plastic box with a phone line connected to it."

He further commented that small businesses, and the small to medium-sized web hosting companies these small merchants rely on, face a 100-point checklist of things that are not terribly understandable, are broadly interpretable, and are in many ways onerous to the point of absurdity for a small operation.

The interview concluded with 'Mike' saying that if PCI DSS was enforced vigorously it could cause small businesses to go under. He said: "I should go on record as saying that I support the general idea of having standards for how credit card data is handled on behalf of your customers. People should use secure best practices and due care to ensure that credit card data is not released to hackers in Des Moines or Denmark or Indonesia. We must avoid that. Good! Let's have some standards."

See original article on scmagazineuk.com