Do you have a question? Post it now! No Registration Necessary. Now with pictures!
November 26, 2005, 11:03 pm
rate this thread
I have some tips for people who make or accept credit card purchases.
Payment processors (such as Paypal) sometimes use a service to help
them stay in compliance with credit card company rules. These rules
vary between credit card companies, but they're based on the Payment
Card Industry (PCI) Data Security Standard, which helps protect
customers. Beware of compliancy services, particularly AmbironTrustWave
( http://www.atwcorp.com/ ) which I discovered has made an
unsubstantiated claim that the payment processor Kagi "has performed
the required procedures to validate compliance with the PCI Data
Security Standard." I recommend that Visa's own list of compliant
service providers (which includes payment processors) be used to
confirm compliancy. I included this tip in my consumer protection
index, under "Payment Processors" at
along with some other tips.
Here's my email to Visa and two replies that I received (I think there
was confusion at Visa over whether the first reply was sent).
Kagi is not on Visa's updated list of compliant service providers and
therefore is not PCI/CISP compliant. Companies that have not
successfully fulfilled FULL PCI/CISP compliance requirements and
approved by Visa are non-compliant. Therefore, any claims made without
a Visa-approved full PCI/CISP compliance are unsubstantiated.
The CISP Team
Below is the email response sent last Tuesday by CISP soon after we
received the initial email from Barry. Again, Kagi is not on Visa's
list of compliant service providers and therefore is not PCI/CISP
compliant. Any claims Kagi makes on their PCI/CISP compliance is
unsubstantiated. Many business entities consider their operations
compliant according to PCI/CISP; however, in order to be legitimately
PCI/CISP compliant, the relative PCI DSS compliance requirements
according to CISP must be fulfilled accordingly, fully compliant, and
approved by Visa.
Then CISP Team
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — The site's Newest Thread. Posted in » Secure Shell Forum