• NAK@lemmy.world
    link
    fedilink
    arrow-up
    25
    ·
    1 year ago

    I have worked for 5 different companies that needed to be PCI compliant and every one of them will fully decided not to do certain things. Not all of them were even hard, a lot of times it was simply the person making the decisions just didn’t want too.

    So that’s mine. Credit card security is not taken seriously but the vast majority of places that accept credit cards

    • Billegh@lemmy.world
      link
      fedilink
      arrow-up
      5
      ·
      edit-2
      1 year ago

      That’s because it’s an opportunity cost to be caught out of compliance, but overhead to be in compliance. And in many cases less expensive to be caught out of compliance than stay in compliance. Especially for small companies.

    • midnightgoat@lemm.ee
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      As a cyber security consultant, I can confirm. Not a single company out of hundreds I’ve performed PCI remediation for managed to completely comply with requirements, with some leaving major issues like storing cc info in a searchable plain text db for better “customer service”. There’s barely any enforcement for this.