E-Commerce 2010: PCI (DSS) Compliance BoF
This October/December, new regulations take effect for businesses that accept credit cards, online and off, bringing various new technical requirements that web servers and company computers must meet to be PCI compliant.
I have done some research and am helping a client get PCI compliant, so I can share what I know: especially where to go, and how much things have been costing in time and money.
This is a roundtable knowledge share; it would be great if others with PCI experience could come and share more.
– Servers need to be audited every quarter: in practice a quarterly vulnerability scan, with Internet-facing systems scanned by a PCI Approved Scanning Vendor (ASV).
– Anti-virus must be installed and kept current on servers and company computers.
– A password-protected screen lock must trigger automatically after a period of inactivity on any company computer that stores financial, ordering or credit card information, so the mail guy can't read someone's card number off an unattended screen while you're in the bathroom.
– Configuration changes in Apache (FileETag, ServerSignature Off, etc.), mostly to stop the server disclosing version and filesystem details that PCI scanners flag.
– and more.
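The Apache changes above are the part most people can do in an afternoon, so here is a worked configuration as an added example (not from the original post or from any particular scanner's report): each weak default is shown commented out beside the hardened directive that replaces it. The document root path and the hostname in the check command are assumptions; the directives themselves are standard Apache httpd.

```apacheconf
# Added example: Apache httpd directives commonly flagged by PCI scanners,
# weak default (commented out) beside the hardened setting.
# Drop the hardened lines into httpd.conf or a conf.d/ snippet and reload.
# The /var/www/html path is an assumption; adjust to your DocumentRoot.

# --- Version disclosure ----------------------------------------------------
# Weak (default): "Server: Apache/2.2.x (Unix) PHP/5.x" on every response,
# plus a version footer on generated pages such as 404s and listings.
#ServerTokens Full
#ServerSignature On

# Hardened: header becomes just "Server: Apache", no footer on error pages.
ServerTokens Prod
ServerSignature Off

# --- ETag inode leak -------------------------------------------------------
# Weak (default on 2.2 and older): ETag is built from inode, mtime and size,
# so a header like  ETag: "1a2b3c-5d-4e6f7890"  reveals the file's inode.
#FileETag INode MTime Size

# Hardened: drop the inode component; MTime Size keeps caching working.
FileETag MTime Size

# --- HTTP TRACE (cross-site tracing), also commonly flagged ----------------
# Weak (default): TRACE method enabled.
#TraceEnable On
TraceEnable Off

# --- Directory listings ----------------------------------------------------
# Weak: "Options Indexes" lists file names wherever no index page exists.
<Directory "/var/www/html">
    Options -Indexes +FollowSymLinks
    AllowOverride None
</Directory>

# Verify after reload (hostname is an assumption):
#   curl -sI http://shop.example.com/ | grep -i -e '^Server:' -e '^ETag:'
#   curl -sI -X TRACE http://shop.example.com/     (expect 405 Method Not Allowed)
# The Server header should read "Apache" with no version, and the ETag
# should have only two hyphen-separated fields.
```

Re-run the ASV scan after the change rather than assuming the header checks are enough; scanners also look at the version banners of PHP, OpenSSL and other modules, which these directives hide from the Server header but do not patch.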