
PCI Compliance


We're all getting spam about PCI compliance and banking policy. Is it legal?

Reading between the lines it seems the banks have been "shaking hands" for profit again. Internet security is abysmal, but banks wish to sell Internet banking because it's a high profit margin, even with the level of fraud. 10 years down the line bankers still can't stop Internet fraud and can't be bothered to invest in better security so now they are insisting blame fall on the client if their network is targeted and hacked.

The last spam received from this American PCI company contained the email addresses of around 250 other companies. Sending the email addresses of others in their database doesn't sound very smart to me. Nor does it sound like the action of a competent security company.


I have no intention of submitting security details of any of my customers to a company which shows this level of incompetence, or for that matter to any database which I have no control over. Where do we stand regarding the law? Can a client be held responsible by the bank if hacked?


Hi Ivan,


Sorry, but what is PCI?


The banks have a long history of trying to sell products to cover for events which you don't need cover for. If you are the victim of fraud but are not responsible for it, you should be able to get back any monies taken fraudulently.


The bank is obliged to refund even while they investigate under rules brought in at the end of 2009 by the FSA.




The security industry is using PCI to mean Payment Card Industry. First proposed around 2002 it came into force this year. Barclays insist anyone handling customer credit card information must follow the new rules laid down or potentially be held liable for loss in the event their computers are hacked. Basically you must now register your company security details with Barclays' chosen American security company and subject your PC or network to regular external checks.

Effectively, slic123, it's a means of the bank cutting the cost of fraud by blaming the customer's security. "Reasonable care" is one thing and the principle can't be argued, but consider this:

1) The business is forced into giving its security details to another company.

2) The security company currently doesn't know how to protect its email database, let alone customer database.

3) If a new security exploit is discovered and the company is hacked, both Barclays and CC companies can wash their hands of the blame.

4) Small IT companies providing Internet security services to clients must qualify through a governing security company that doesn't know how to send email without revealing everyone in the email list.

It seems to me there's a bigger risk in signing up than keeping personal security details personal. So... Can a company be held liable for not complying with these new banking rules?
