[CentOS] PCI/DSS compliance on CentOS
Ken godee
ken at perfect-image.com
Sat May 26 05:45:16 UTC 2012
>> What "level" of PCI/DSS compliance are you going for?
>
> I have to check this with the client. Credit card information will
> be encrypted and stored in client's own db.
Yup, this is exactly what they don't want people to do and
I believe in the future they'll strive for just a handful
of processors that will meet there criteria.
> The client will be hosting it on their own office premise (the
> physical security aspect is being handled by another vendor).
>
I'm sure I'm talking way over my head at this point.... but
this must be for a fairly large merchant (1M+ transactions yearly).
Not quite sure why one wouldn't use one of processors gateway
facilities, there's convenient api's that would handle anything to do
with cc's and at a "small fraction" of the price to set up and maintain.
More information about the CentOS
mailing list