Comments on: PCI Threatens Small Business and Web Hosting Companies http://philosecurity.org/2010/02/08/pci-stresses-small-business-and-web-hosting-companies Tue, 08 Nov 2011 22:48:18 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Jim http://philosecurity.org/2010/02/08/pci-stresses-small-business-and-web-hosting-companies/comment-page-1#comment-5802 Jim Tue, 23 Feb 2010 03:52:04 +0000 http://philosecurity.org/?p=3084#comment-5802 I agree with your central point that small businesses can't afford the time or the effort to ensure that they're PCI compliant. However there is another alternative to going out of business: the small business can just outsource the payment processing bit to one of the established processors. If they're not holding sensitive data, then they don't need to be PCI compliant as I understand it. For a fee of between 2% and 4% they can make all the headaches go away. The data is held by larger organizations more equipped to handle it, and with the resources to look after it (or so they would have us believe). Everyone wins for the sake of a small percentage increase in price to the consumer ... I agree with your central point that small businesses can’t afford the time or the effort to ensure that they’re PCI compliant. However there is another alternative to going out of business: the small business can just outsource the payment processing bit to one of the established processors.

If they’re not holding sensitive data, then they don’t need to be PCI compliant as I understand it. For a fee of between 2% and 4% they can make all the headaches go away. The data is held by larger organizations more equipped to handle it, and with the resources to look after it (or so they would have us believe). Everyone wins for the sake of a small percentage increase in price to the consumer …

]]> By: LonerVamp http://philosecurity.org/2010/02/08/pci-stresses-small-business-and-web-hosting-companies/comment-page-1#comment-5781 LonerVamp Thu, 11 Feb 2010 14:49:18 +0000 http://philosecurity.org/?p=3084#comment-5781 As a footnote, I'm not the "Mike" in the story, despite dropping the "Des Moines" in there (which is where I live!). :) As a footnote, I’m not the “Mike” in the story, despite dropping the “Des Moines” in there (which is where I live!). :)

]]> By: LonerVamp http://philosecurity.org/2010/02/08/pci-stresses-small-business-and-web-hosting-companies/comment-page-1#comment-5773 LonerVamp Wed, 10 Feb 2010 15:29:21 +0000 http://philosecurity.org/?p=3084#comment-5773 I'm surprised you don't have more comments, but then again I think your interview points out some of the ditry little secrets of PCI. Most importantly that it is a difficult and painful and costly standard to step up to. As if there wasn't already a costly technical barrier to many SMBs or all the costs of operating in a technological world! That's not to say small businesses like a web hosting provider shouldn't be expected to invest in security (or PCI), but I certainly do understand their pain. It does make you wonder, though. Do you get any real security benefit by *forcing* security standards? If a child doesn't want to clean his room, but you make him do it or take away the X-box, do you think you'll get a good job out of him? You'll get just enough to avoid the punishment, even so far as just shoving everything under the bed or into the closet en masse! I’m surprised you don’t have more comments, but then again I think your interview points out some of the ditry little secrets of PCI. Most importantly that it is a difficult and painful and costly standard to step up to. As if there wasn’t already a costly technical barrier to many SMBs or all the costs of operating in a technological world!

That’s not to say small businesses like a web hosting provider shouldn’t be expected to invest in security (or PCI), but I certainly do understand their pain.

It does make you wonder, though. Do you get any real security benefit by *forcing* security standards? If a child doesn’t want to clean his room, but you make him do it or take away the X-box, do you think you’ll get a good job out of him? You’ll get just enough to avoid the punishment, even so far as just shoving everything under the bed or into the closet en masse!

]]> By: bbot http://philosecurity.org/2010/02/08/pci-stresses-small-business-and-web-hosting-companies/comment-page-1#comment-5766 bbot Mon, 08 Feb 2010 22:22:00 +0000 http://philosecurity.org/?p=3084#comment-5766 Perhaps add a paragraph at the beginning explaining what PCI/DSS is, for those too lazy to follow a link then decipher corporatese. Otherwise, a fine interview. I look forward to seeing more of them. Perhaps add a paragraph at the beginning explaining what PCI/DSS is, for those too lazy to follow a link then decipher corporatese.

Otherwise, a fine interview. I look forward to seeing more of them.

]]>