Securosis is Now PCI Certified

I was talking with Jeremiah Grossman out at the SOURCE Conference in Boston, lamenting the state of PCI certification. Although ASVs continue to drop their rates and reduce the requirements for compliance by issuing exceptions, it’s still a costly and intrusive process. Sure, pretty much anyone who signs up and completes payment achieves certification, but adoption rates are still low and only a fraction of the retail community, especially the online community, is compliant.

That’s why I got excited when I heard about Scanless PCI. They claim to use a patent-pending technique (doesn’t everyone) to certify merchants with no setup and no technology changes. The best part? It’s free. As in beer. Absolutely free. Free PCI certification? I don’t get the business model, but after evaluating the technology with Jeremiah and Robert Hansen (Rsnake) I’m convinced it works. If the top 2 web application security guys sign off on it, I’m all in.

According to Jeremiah,

Sounded too good to be true so I investigated their website. To my amazement I left the site completely convinced that their offering is every bit as effective at stopping hackers as other ASVs we’ve discussed here in the past. Their process was so straightforward I figured there was no excuse for my blog not to be PCI Certified as well. Check out the right side column, compliance was zip zap!

I’m sold, and Securosis is now PCI compliant!

—Rich

Comments:

By Mark Palmer » Seriously….  on  03/31  at  08:21 PM

[...] Scanlesspci.com has finally gotten the business model correct for PCI Compliance. This is a great suggestion by industry experts (Rsnake, Jeremiah Grossman, Rich Mogull). [...]

By Amrit  on  03/31  at  10:26 PM

I have seen similar technologies used to great effect when I was in college. Essentially the rampant increase in STD’s drove the need for a method to determine if a potential partner was "clean" from infection. Sure enough it wasn’t long before free T-shirts, with the phrase "Certified no STD’s", were seen all over campus. It was like the free-wheeling, free-loving 60’s some of us read about and wished we could have been alive to participate in - a world that was totally secure from STD’s, a dream, I think not…

By rybolov  on  04/01  at  03:06 AM

I knew it was just a matter of time until you imploded under the industry pressure that PCI non-compliance brings.

Glad you came out from the cold and joined the first world yet again.

By Onn Chee  on  04/01  at  08:59 PM

This is obviously an April Fool’s joke….

By Rob Newby  on  04/02  at  01:15 PM

Registrant:
  Domains by Proxy, Inc.
  DomainsByProxy.com
  15111 N. Hayden Rd., Ste 160, PMB 353
  Scottsdale, Arizona 85260
  United States

  Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
  Domain Name: SCANLESSPCI.COM
    Created on: 01-Apr-08
    Expires on: 01-Apr-09
    Last Updated on: 01-Apr-08

Hmm… I smell a rat.
