[Kolab-devel] PCI compliance?

[Jerry Pommer]

Gunnar Wrobel wrote:
> Zitat von Jerry Pommer <jpommer at bynari.net>:
>
>   
>> Hello all,
>>
>> Here in the United States, businesses that accept credit cards through
>> websites and such are expected to comply with the Payment Card Industry
>> Data Security Standard:
>>
>> http://www.pcicomplianceguide.org/pcifaqs.php
>>
>> Part of compliance with this standard includes subjecting your network
>> to a "compliance scan" and audit every six months. The scan and manual
>> audit identify vulnerabilities in firewalls and installed software. To
>> meet the compliance standard you might have to upgrade Apache or PHP,
>> for example, if the version you are running is known to contain a
>> vulnerability that could compromise the security of your customer's
>> credit card transaction data. Failure to comply may result in fines and
>> other costs levied by the credit card companies until the problem is
>> resolved.
>>
>> Is the Kolab development community paying attention to this, and taking
>> steps at regular intervals to patch the server when necessary? I have
>> searched the list archives back to January 2009 and found no discussion
>> of such.
>>     
>
> We do take security serious of course and if you look at  
> http://kolab.org/ you will see that we publish security fixes when  
> required.
>
> I do not know anything about PCI-compliance though but that might be  
> linked to the fact that I'm a developer living in Germany. My focus is  
> on the technical side of the server. I added Georg and Paul on cc.  
> They should be able to provide more details.
>
> Cheers,
>
> Gunnar
>
>
>   
Thanks for your reply, Gunnar. I am unsure about the need for compliance
to this standard outside the USA, and it  is not surprising that you may
not be familiar with it. Not all of our customers have this concern, but
the few that do... it is indeed an important requirement of their business.