Securosis is Now PCI Certified

By Rich

I was talking with Jeremiah Grossman out at the SOURCE Conference in Boston, lamenting the state of PCI certification. Although ASVs continue to drop their rates and reduce the requirements for compliance by issuing exceptions, it’s still a costly and intrusive process. Sure, pretty much anyone who signs up and completes payment achieves certification, but adoption rates are still low and only a fraction of the retail community, especially the online community, is compliant.

That’s why I got excited when I heard about Scanless PCI. They claim to use a patent-pending technique (doesn’t everyone) to certify merchants with no setup and no technology changes. The best part? It’s free. As in beer. Absolutely free. Free PCI certification? I don’t get the business model, but after evaluating the technology with Jeremiah and Robert Hansen (Rsnake) I’m convinced it works. If the top 2 web application security guys sign off on it, I’m all in.

According to Jeremiah,

Sounded too good to be true so I investigated their website. To my amazement I left the site completely convinced that their offering is every bit as effective at stopping hackers as other ASVs we’ve discussed here in the past. Their process was so straightforward I figured there was no excuse for my blog not to be PCI Certified as well. Check out the right side column, compliance was zip zap!

I’m sold, and Securosis is now PCI compliant!



  Domains by Proxy, Inc.
  15111 N. Hayden Rd., Ste 160, PMB 353
  Scottsdale, Arizona 85260
  United States

  Registered through:, Inc. (
    Created on: 01-Apr-08
    Expires on: 01-Apr-09
    Last Updated on: 01-Apr-08

Hmm… I smell a rat.

By Rob Newby

This is obviously an April Fool’s joke….

By Onn Chee

I knew it was just a matter of time until you imploded under the industry pressure that PCI non-compliance brings.

Glad you came out from the cold and joined the first world yet again.

By rybolov

I have seen similar technologies used to great effect when I was in college. Essentially the rampant increase in STD’s drove the need for a method to determine if a potential partner was "clean" from infection. Sure enough it wasn’t long before free T-shirts, with the phrase "Certified no STD’s", were seen all over campus. It was like the free-wheeling, free-loving 60’s some of us read about and wished we could have been alive to participate in - a world that was totally secure from STD’s, a dream, I think not…

By Amrit

[...] has finally gotten the business model correct for PCI Compliance. This is a great suggestion by industry experts (Rsnake, Jeremiah Grossman, Rich Mogull). [...]

By Mark Palmer » Seriously….
