[CentOS] PCI/DSS compliance on CentOS

Sat May 26 05:53:53 UTC 2012
Eero Volotinen <eero.volotinen at iki.fi>

2012/5/26 Ken godee <ken at perfect-image.com>:
>>> What "level" of PCI/DSS compliance are you going for?
>>
>> I have to check this with the client.   Credit card information will
>> be encrypted and stored in client's own db.
>
> Yup, this is exactly what they don't want people to do and
> I believe in the future they'll strive for just a handful
> of processors that will meet there criteria.
>
>> The client will be hosting it on their own office premise (the
>> physical security aspect is being handled by another vendor).
>>
>
> I'm sure I'm talking way over my head at this point.... but
> this must be for a fairly large merchant (1M+ transactions yearly).

"The client will be hosting it on their own office premise" sounds
really bad. Usually this kind of systems are located in really secured
datacenters.

--
Eero