Talk:PCI DSS

Link "PCIDSS"

For someone who knows how. Searching PCIDSS does not currently direct here --K

Done. --Clay Collier 07:12, 4 April 2007 (UTC)

This page should be merged with "Payment Card Industry" --Grvfuel 15:41, 17 October 2007 (UTC)

I'm not entirely convinced - the PCI page should really just talk about the PCI and link off to the various standards they provide IMO. Otherwise as the number of standards they issue or maintain grows, the PCI page will become rather bloated. Random name 10:57, 18 October 2007 (UTC)

Added links to sources regarding PCI compliance, the recent Visa international payment mandates. --Classof96 20:52, 5 November 2007

The problem with these links - there are millions of information sources like these. I've not been editing long enough to know how we're meant to decide which to use, and which to leave. Random name 21:52, 7 November 2007 (UTC)

Is this international? 202.160.118.227 (talk) 06:20, 19 December 2007 (UTC)

Oversimplified and inaccurate

These two statements
A company processing, storing, or transmitting credit card numbers must be PCI DSS compliant or they risk losing the ability to process credit card payments. Merchants and service providers must validate compliance with an audit by a PCI DSS Qualified Security Assessor (QSA) Company.
are an oversimplification of the reality and not quite accurate. The truth is: an acquirer (say FirstUSA for the Visa credit card) might periodically ask a merchant (say Walmart) to answer (all/not all) questions within a number of questionnaires and execute a scanning test against vulnerabilities and threats on the merchant assets (computers, payment card readers, etc.) Then an auditor (internal or external) will review the answers and the results and solely decide whether the merchant is fully-partially-not compliant. It is not necessary that the auditor comes from a PCI DSS Qualified Security Assessor (QSA) Company.

The sentence "The PCI DSS recognizes wireless LANs as public networks and automatically assumes they are a threat." is meaningless. The wireless LANs are not threats - rather they might be vulnerable and exposed to some threats.--Stagalj (talk) 18:45, 7 January 2008 (UTC)


PCI is regarded as being relatively more prescriptive than these other laws.[citation needed]

Other laws? PCI-DSS is not a law or a government regulation.--DrRisk13 (talk) 01:32, 31 January 2008 (UTC)

You are right. I removed that sentence - a standard is not comparable to a law.--Stagalj (talk) 01:54, 2 February 2008 (UTC)