[BlueOnyx:04511] Re: PCI scans - with link to report
Chris Gebhardt - VIRTBIZ Internet
cobaltfacts at virtbiz.com
Sun May 16 16:34:32 -05 2010
Doug Harvey wrote:
> Bottom line...I had to move my mail servicing to another server...The
> database had to be on another server...Three servers total to run an
> effective e-commerce site.
Well... strictly speaking, this isn't necessarily true. You see, their
testing originates from a fairly narrow IP range. At least, that's the
case that I've witnessed with a couple of the firms. Load that into
your firewall, and *poof*.
Not that I'm suggesting that's your answer to PCI compliance.
We had one case with a shared hosting customer who did NO online
transactions. They're a cleaning company with a static website. Their
bank insisted on the PCI compliance testing (at their expense). The
process quite literally brought my customer to tears. She was so upset
and the bank's testing representative (an outsourced company) had a
particularly bad demeanor. After 3 years of the nonsense (annual
reviews!) they took my advice and changed banks. 3 years later than I
would have pulled that plug, but better late than never I suppose.
Anyhow, if you just want the testing report to pass, you can make that
happen easily enough. Don't misunderstand me: I'm not advocating. Just
mentioning. It all depends on your goals.
--
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ