funsec mailing list archives
Re: The PCI sky *isn't* falling!
From: Drsolly <drsollyp () drsolly com>
Date: Tue, 24 Mar 2009 07:56:34 +0000 (GMT)
On Mon, 23 Mar 2009, Justin D. Scott wrote:
I think such motion from total ignorance to doing "a piss-poor job" of security represents a huge progress for such, mostly small, organizations.

There are also many small companies that took one look at PCI and just gave up entirely and outsourced anything that was in scope for compliance to a larger company that specialized in payment processing. I can't tell you how many busted shopping carts we've replaced with PayPal checkout. When their online stores were built six or seven years ago, security wasn't as much of a problem. Now, they see the cost of keeping processing on their own site and go ahead with moving checkout to another service. They don't get the "prestige" of having the checkout on their site, but their customers are a whole lot safer as a result.
Safer as in having a lot of eggs in one attractive basket is safer than lots of less-safe but not-worth-hacking baskets? Safer as in "big companies don't get hacked"? But as well as being maybe safer, maybe less safe, they're certainly getting poorer customer service, because when you put an extra layer between a customer and the company, customer service has to suffer. You want to do your own processing, not for prestige, it's so that you can look after your customers much better.