PCI compliance - a helpful check on website security or a money making scheme?

For those not knowing the Internet Acronym used in the title look here: Wiktionary

So I have a few clients with online stores of one type or another, mainly they trade as an online arm of an existing business, though this isn’t the case in all circumstances.

For those not knowing the process to get an online store – it entails getting a merchant ID (something the banks will say they can sort in about 5 days, though experience tells us it takes on average 6-10 weeks! ).
Part of this process is the security of the websites – something which I believe most online businesses should take more seriously – Enter the PCI Compliance system.

This is a system which simulates a site infiltration via several known methods  - and gives a report that indicates the level of security that the site has. On the face of it a good thing…

But…

Firstly, the tests that are performed can (and do) fail in their execution, on some sites.
This may mean that, even though the security may be above and beyond the level required for compliance, the site will get a ‘failed’ rating because the tests cannot get in.

Surely this is the point, if you cannot get in does that not indicate a secure site?

Secondly, the tests require that some access points to sites (such as those used by known management systems) must be disabled.
This means that common systems used to control and configure systems cannot be used (The router that connects you to the outside world usually has a web based control panel accessible externally, to pass this must be disabled).

This makes my support to the clients EXTREMELY difficult If I cannot connect remotely to their systems.

This all makes sense when you realise that, even though PCI compliance is NOT required, nor even recognised by some providers, the banks will charge you a monthly fee if you are not compliant…
Believe me when I say that it’s VERY easy to be ‘Non compliant’

Call me a cynic if you will!

Filed under : General  |  Be the first to comment! »
20 views

=============== ===============

Barclays "Making life difficult" - this should be their slogan..!

Once again I have attempted to venture into the world of finance – this time to open a bank account for some savings…

This proved to be far too inconvenient for the branch of Barclays I popped into this morning…

Off I pop to the local branch, chipper to the last as I strolled in to the branch, waited patiently for a cashier to become free, and advanced smiling…

“[holding the account flyer] Can I open one of these accounts please?”
“I’m sorry sir, you need to see the lady over there [points], but she is busy and she works on an appointment basis”
[Like I'm not a busy person]
“I can fit you in this afternoon at 2:00 or tomorrow if you wish”…
At this point I’m looking non to impressed – I’ll not bore you with my comments…!
Suffice to say I wasn’t too impressed

Ok – now this account NEEDS you to go in to the branch to open in the first place (the terms state you must be an existing customer to open the account online).
NOWHERE did it say you have to go into the branch to make an appointment to open the account, before you go in to the branch to open the account.
This is ridiculous!!

HELLO BARCLAYS! I’M TRYING TO INVEST MONEY HERE!!!

What is wrong in the minds of man, that makes you think that people want your service SOOOO badly that they’ll perform tricks for your pleasure Barclays?
I just want to open a savings account – not apply for £1,000,000′s – it’s not too difficult for you is it?
The last time I opened an account it only took 5 minutes ONLINE, and required not much more than my name and date of birth.

Next time I’ll take my mother (to confirm her maiden name), birth certificate, driving license, passport, National Insurance number, a utility bill (in my name and at the present address), the 4 other cards I have for other bank accounts, all my personal measurements, written confirmation of my memorable date/place/pet, written confirmation of my alpha numeric 16 letter password (from which they’ll only need letters 2 6 and 10),  a blood sample, retina scan, AND a swab of DNA/skin sample.
Maybe that will convince them that I’m me. Though I doubt it…!

Yet another display of stupidity on behalf of the banks…

Filed under : Hell  |  Be the first to comment! »
4 views

=============== ===============

Why do we have to jump through some stupid hoops just for 'security'?

I’m one of those strange people who think that credit is a BAD option.
I grew up in a family with little spare cash flowing around, and as such like to squirrel away a little cash from time to time.
It’s with this in mind I try to keep some cash in a savings acount – In this case the Santander eSavings account.

Now this account was originally opened with the Abbey (National – for those old enough to remember), before all the banking fiasco started, and gave a good level of interest as time went on.
Then the banking crisis hit and savings rates were crushed.
Abbey were one of the banks under threat, but was ‘rescued’ by Santander – not a positive step in my opinion.

After recieving very little interest from the account for a while, and now that things have calmed considerably I moved the account balance to a new account on Monday – with the usual banking delay for a BACS transaction this finally hit my account on Friday (this is the 21st century for goodness sake – 3 to 4 DAYS to do a transaction )

This I thought would close the account – how wrong could I be!!

I logged in to the account this morning, just to check – still not closed – so as a courtesy to the bank I called them to ask to close the account.
Havnig passed the security check to verify my identity, I asked to close the account, as there was a nil balance.
I was told this was viewed as a transaction and required me to pass ANTOHER security check
After trying to guess my ‘memorable date’ and failing I was told she couldn’t close the account!!!
STUPID STUPID STUPID!!!
How could I possibly manage to move money using the ‘security’ that was previously enough – and not be able to close an empty account?

I hold another account with another bank, not closed for a similar reason. The Yorkshire bank has an account with about 30p in it because they “counld not give me the pennies” when I went to close the account.
That was about 6 YEARS ago!

What ever happened to customer service? Why do we have to jump through some ridiculous hoops just to perform simple tasks with OUR OWN MONEY!?!?!?

‘Effin ridiculous!

It’s kind of nice to know that the banks will have to administer the accounts, costing them money (albeit a small amount).

Filed under : Hell  |  Be the first to comment! »
10 views

=============== ===============

Remote CCTV - Finally I got it finished!

Finally I got to finish the remote cameras at the nursery
The broadband went live yesterday (apparently) and I finished the install today.
I also popped over to Bradford City centre to configure a peer-to-peer network connected to a central office via a VPN

Complicated stuff

The past couple of weeks have been a bit mad!
We’ve taken some bold steps forward in an effort to grab some of the business available from the IT companies going under.
It’s a bit mercenary, but when one company fails, then their customers still need looking after – it’s getting the message out to them that’s the hard part.
We are seriously looking at some kind of leaflet drop and a “strategic partnership” with a colleague (who provides complimentary services).
It seems the things we are doing are boosting our workload (and therefore, the bottom line :) )
This time of recession has both positives and negatives – I guess the trick is to get more of the former… Much easier said than done. 

I’m hoping that the interest rate cuts and the “quantitative easing” by the Bank of England, will have a positive effect – At least to ease the passage through these troubled times…

P.S.
We’ve got higher in the Technorati rankings - 2,506,021st now!

Filed under : General  |  Be the first to comment! »
1 views

=============== ===============

Are the banks so desperate as to need our funds too?

One of the things small companies rely on is cash flow. That is the simple in and out of cash on a daily basis.

There is a business mantra, often heard from those of a financial lilt – “Turnover is vanity, profit is sanity, but cash is king”
Quite simply – turnover makes your company look good, but is it actually making any money?
- profit is what makes your company worthwhile, without it you might as well give up (though there are more intangible rewards)
- But over all, if you have no cash in the bank, you are stuffed!

Imagine how happy we were then when a cheque bounced – luckily for services not yet provided.
The bank credited the account and, when the bounce occurred, removed the credit. Fine – these things happen…
The bank then re-presented the the cheque automatically, but this time with one subtle difference; They didn’t credit our account first – so when the cheque bounced the second time, they duly removed a credit not given.
Result – Our account was down by the amount of the cheque. (I should add that the value had 3 ’000s on the end).
No apology, no recompense.
In a small business this can have disastrous results, and would have done, had Tor not spotted it. A huge dent in our cash flow for this month then…
Grrr…

BT and Daisy Telecom

I’d like to introduce a new section – the donkey award for absolute stupidity.

I went to the nursery to finish off the camera install from the other day, armed with the broadband details our employer was provided to configure the connection.

On investigating, the router told me that the connection status was ‘down’ – further investigation reveals that there is no broadband on this line AT ALL!!
The end client was being billed for a broadband that didn’t exist – SINCE AUGUST LAST YEAR!! What I had been given, and where the info came from, I have no idea..!
Daisy Telecom and BT being the culprits – what is going on?

In other news – I would like to thank Jaimie Dobson from iNet Engineers, for the opportunity to ‘Guest blog’ on his site
Jaimie used the details from our last eZine for a article on Spyware and Malware. read it here (original eZine) or on Jaimie’s blog here

Filed under : Hell  |  1 Comment »
4 views

=============== ===============