Re: [WebDNA] OT: Issue with some clouds

This WebDNA talk-list message is from

2009

It keeps the original formatting. numero = 103265
interpreted = N
texte = I'm still a little fuzzy on the PCI compliance thing... (I haven't done a CC site since the new regulations went into effect). If a small merchant has a storefront site, goes through a gateway (e.g. Authorize.net), does not store any card info, but only passes it through the site to the gateway, and receives confirmation back, does that merchant have to do anything more than have an SSL?Bob Minor wrote:> Not sure how many of you were looking to use a cloud for your solutions>> News from Slashdot>> Amazon Confirms EC2/S3 Not PCI Level 1 Compliant>> "After months of digging though speculation and polar opposite > opinions from PCIexperts, I finally sent a direct request to Amazon's > AWS sales team asking if they are in fact PCI compliant and will > provide documentation attesting that they are as is required by PCI > guidlines. I fully expecting them to dodge the question and refer me > to a QSA, but to my relief, they replied with a refreshingly honest > and absolute confirmation that it is currently impossible to meet PCI > level 1 compliance using AWS services for card data storage. They also > very strong suggest that cardnumbers never be stored on EC2 or S3 as > those services are inherently noncompliant. For now at least, the > official verdict is if you need to process credit cards, the Amazon > cloud platform is off the table.>> I vaguely recall some folks recently debating their use, if not then > pardon the intrusion Associated Messages, from the most recent to the oldest:

Re: [WebDNA] OT: Issue with some clouds (Bob Minor 2009)
Re: [WebDNA] OT: Issue with some clouds ("Dennis J. Bonsall, Jr." 2009)
Re: [WebDNA] OT: Issue with some clouds (Matthew Bohne 2009)

I'm still a little fuzzy on the PCI compliance thing... (I haven't done a CC site since the new regulations went into effect). If a small merchant has a storefront site, goes through a gateway (e.g. Authorize.net), does not store any card info, but only passes it through the site to the gateway, and receives confirmation back, does that merchant have to do anything more than have an SSL?Bob Minor wrote:> Not sure how many of you were looking to use a cloud for your solutions>> News from Slashdot>> Amazon Confirms EC2/S3 Not PCI Level 1 Compliant>> "After months of digging though speculation and polar opposite > opinions from PCIexperts, I finally sent a direct request to Amazon's > AWS sales team asking if they are in fact PCI compliant and will > provide documentation attesting that they are as is required by PCI > guidlines. I fully expecting them to dodge the question and refer me > to a QSA, but to my relief, they replied with a refreshingly honest > and absolute confirmation that it is currently impossible to meet PCI > level 1 compliance using AWS services for card data storage. They also > very strong suggest that cardnumbers never be stored on EC2 or S3 as > those services are inherently noncompliant. For now at least, the > official verdict is if you need to process credit cards, the Amazon > cloud platform is off the table.>> I vaguely recall some folks recently debating their use, if not then > pardon the intrusion Matthew Bohne

DOWNLOAD WEBDNA NOW!

Re: [WebDNA] OT: Issue with some clouds

2009

Top Articles:

Related Readings: