[freeside-users] PCI COMPLIANT?
GlobalNet, LLC
jeffa at globalco.net
Thu Dec 18 08:43:57 PST 2008
Hello Jason,
Thursday, December 18, 2008, 11:33:10 AM, you wrote:
> On Thu, Dec 18, 2008 at 9:27 AM, GlobalNet, LLC <jeffa at globalco.net> wrote:
>> Is the Freeside Billing System PCI Compliant using the Authorize.net for
>> credit cards and checks
>>
>> under this new compliance things thats facing us with Mastercard and Visa
>> requirments?
>>
>> What are some of install scenerios to meet these guidelines?
>>
> It *can* be, but that mostly depends on how you set yours up
> individually. What hardware you use, where your server is, who you
> allow access, how do any of your programs interact with freeside, and
> via what networks and protocols, and you must be using the encryption
> on cards as noted in the wiki, etc.
> It's a big hairy mess, (PCI) but you can do it, freeside gives the
> tools necessary for its part, but much of PCI compliance is in your
> infrastructure.
So Basically am I assuming any communication between the database and
outside sources must be using encryption such as SSL, etc.
Another concern the authorize.net communication as setup as documented
meet the requirments for the batch payments that run
automatically..to be secure
I do not run a full IPS but do use nat, and open only needed ports, I
thought about sonicwall to monitor traffic, but so expensive. I am a
starving ISP
Jeff
More information about the freeside-users
mailing list