Home – New Forums Selling online Is this PCI compliant? Reply To: Is this PCI compliant?

#1159346
ExplorePayments
Member
  • Total posts: 11
Up
0
::
John Debrincat, post: 184049 wrote:
Hello Geegee,

Your blog posts are spot on and, in general, I agree with your advice regarding PCI DSS compliance and not manually processing card not present transactions.

On the issue of the Target USA attack (and other USA mainstream retailers) before Christmas you should note that this was not an online compromise. The situation was caused by hackers embedding a malicious software virus in the systems that interfaced with the in-store EFTPOS systems. When the consumer swiped their card the the information on the magnetic strip was scraped and sent to the hackers. This was a very sophisticated attack that occurred at multiple companies and locations. Target got the most media exposure.

I was asked about for a news article that was published in Connected.com.

The USA have not implemented Chip and PIN cards and that was the main reason this attack could occur and was successful. It is far less likely to happen in Australia where we have been implementing Chip and PIN as well as Tap and Go type technology.

Selling online in Australia and buying online in Australia are remarkably safe and secure. Recording card details anywhere is not good practice unless you have implemented the technology to protect that information and that technology is not cheap or easy.

So go with a reputable payment service provider for any online credit card processing and check that your hosting company and your online store provider are PCI DSS Compliant.

John

Hi John,

In reference to the target data breach my intention was to highlight the cost rather than anything else.

Great article btw

Cheers
Ian