Skip to main content

Posts

Showing posts with the label tenable nessus

PCI Compliance Scans and Scams

HIPAA, SOX, SAS-70 - those whose business relies on hosting a website are no stranger to the regulatory schemes of trade organizations and their acronyms. The PCI Data Security Standard is perhaps the most well known and widely adopted. PCI DSS is a set of very general outlines of security best practices for those who process and/or store credit cards using computers. Compliance is certified by a third party corporation (a Qualified Security Assessor or QSA), and demand is created by offering lower credit card transaction fees to websites who are certified as compliant. On the whole, the initiative has had some big successes. Credit card companies win by reducing incidents of fraud as more sites adopt standard security features, merchants win through reduced transaction costs and by being able to advertise a third party certification of secure site design and companies responsible for certification get to exist and create new jobs in the process. The standards have gone a long way to...