E-Commerce 2010: PCI (DSS) Compliance BoF
This October/December, new regulations take effect for businesses that accept credit cards, online and off, including various new technical requirements that web servers and company computers must meet to be PCI compliant.
I have done some research and am helping a client get PCI compliant, so I can share what I know, especially where to go and how much things have been costing in time and money.
This is a roundtable knowledge share; it would be great if others with experience can come and share more about this.
Some highlights:
– Servers need to be audited every quarter.
– Anti-virus must be installed on servers & company computers.
– Password-protected screen locks must auto-trigger on any company computer that stores financial/ordering/credit card info, so the mail guy can’t steal someone’s credit card number while you’re in the bathroom.
– Changes in Apache (ETags, ServerSignature Off, etc.)
– and more.
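As an added illustration of the Apache changes mentioned above (this is example configuration for httpd.conf, not material from the session or any of the linked sites): the information-disclosing settings that PCI scanners commonly flag, followed by the hardened equivalents. The weak values shown are the ones older 2.x builds ship by default; check your own build, since newer releases have changed the `FileETag` default.

```apache
# --- BEFORE: defaults typically flagged by a PCI ASV scan ---------------

# "Server:" header advertises exact version and modules (e.g. Apache/2.2.x (Unix) PHP/5.x),
# handing an attacker a ready-made list of components to look up.
ServerTokens Full

# Appends the same version string to every server-generated error page.
ServerSignature On

# Default ETag embeds the file's inode number, which leaks filesystem details;
# scanners report this as an information disclosure finding.
FileETag INode MTime Size

# HTTP TRACE echoes request headers back, which scanners flag because it can
# expose cookies and auth headers (cross-site tracing).
TraceEnable On

# --- AFTER: hardened equivalents --------------------------------------------

# Only "Server: Apache", no version or module list.
ServerTokens Prod

# No version footer on error pages or directory listings.
ServerSignature Off

# Build ETags from modification time and size only, dropping the inode.
# (FileETag None also works if you do not rely on ETag-based caching.)
FileETag MTime Size

# Disable the TRACE method outright.
TraceEnable Off
```

After restarting httpd, confirm the result with `curl -sI http://yourhost/ | grep -i -e '^Server:' -e '^ETag:'` and re-run the Nessus scan linked below; the Server header should read only "Apache" and the ETag should have two fields instead of three.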
Comments
Links from this BoF session
http://www.PCIsecuritystandards.org
http://www.PCIsecuritystandards.org/saq/
http://www.neospire.net/business.solutions/pci.dss.misconceptions.php
http://www.instacarma.com/blog/technical/pci-compliance
http://www.authorize.net/pcidss
http://www.paypal.com/pcicompliance
http://www.nessus.org (security scan tool)
Dave said...
The sentence from www.pcicomplianceguide.org is
“ALL PCI Level 4 merchants (new and existing) using third-party software must use validated applications. July 1, 2010”