Announcement

**Mark H** · 13-Jan-2009, 06:18 PM

"Merchant web sites hosted on Actinic servers are fully PCI DSS compliant provided that they use a Payment Service Provider that is itself fully PCI DSS compliant and the card details are captured at the payment provider �s servers"

And this doesn't mean that the servers have to be PCI secure as judged by the likes of Security Metrics.

**RuralWeb** · 13-Jan-2009, 06:20 PM

And this doesn't mean that the servers have to be PCI secure as judged by the likes of Security Metrics

True so you can stick your logo where the sun dont shine

**RuralWeb** · 13-Jan-2009, 06:41 PM

From the secure metrics website:

Is Site Certification Easy?
It is easy. Site Certification does not require any software installation, software configuration, training or costly maintenance. All your technical support is included and there are no hidden fees.

SecurityMetrics does not require confidential system information or access to your systems. You simply enroll and the service is scheduled to run at your convenience. Simplify Merchant Compliance
SecurityMetrics has streamlined the merchant compliance process:
1. Free compliance consultation
2. Automatic test scheduling
3. Online questionnaire
4. Unlimited telephone support
5. Easy acquirer reporting

SecurityMetrics is committed to help your organization comply with credit card association data security requirements. We provide unlimited support, unlimited retesting and questionnaire help to simplify the compliance process.

I think that they have demonstrated how easy it all is

**leehack** · 13-Jan-2009, 06:57 PM

To be fair to SM, they had probably never met Gavin before they wrote those guidelines

**RuralWeb** · 13-Jan-2009, 07:16 PM

they had probably never met Gavin

Ahhh - the old resonable use clause applies then

**GAViN��** · 14-Jan-2009, 03:45 PM

Finally Sorted

**parklifeclothes** · 14-Jan-2009, 03:49 PM

DISCLAIMER: THIS CERTIFICATE CONFIRMS THE SITE SHOWN ABOVE HAS BEEN TESTED FOR OVER 4400 SECURITY WEAKNESSES AND NO SIGNIFICANT SECURITY VULNERABILITIES WERE FOUND AT THE DATE SHOWN ABOVE. THIS CERTIFICATE DOES NOT IMPLY THE WEBSITE SHOWN ABOVE IS COMPLETELY INVULNERABLE TO UNAUTHORIZED ATTACKS.

With that sort of disclaimer is it worth the virtual paper its written on

?

**guccij** · 14-Jan-2009, 04:01 PM

Shame SM couldn't bring themselves to have a working link to the site in question. That's the very least they should do imo.

**GAViN��** · 14-Jan-2009, 04:09 PM

Originally posted by guccij View Post

Shame SM couldn't bring themselves to have a working link to the site in question. That's the very least they should do imo.

Thats a fair point, not sure if SM have a good PR Ranking it could help!

**bamboo** · 14-Jan-2009, 04:13 PM

There is so much wrong with the site in question from the marketing and retailing points of view that a silly & ultimately pointless Security Metrics Certificate is the last thing they should be worrying about IMHO.

They have an astonishing value proposition that used properly would be enough on its own to give the customer the confidence to buy and yet they choose to hide it

**GAViN��** · 14-Jan-2009, 04:14 PM

Originally posted by bamboo View Post

There is so much wrong with the site in question from the marketing and retailing points of view that a silly & ultimately pointless Security Metrics Certificate is the last thing they should be worrying about IMHO.

They have an astonishing value proposition that used properly would be enough on its own to give the customer the confidence to buy and yet they choose to hide it

you want to elaborate on what you mean?
We get quite a few orders per day every day as it happens.
The cert is there to give potential customers piece of mind. If its available to us we might as well use it than not.

**parklifeclothes** · 14-Jan-2009, 04:41 PM

For my mind, customers won't have a clue who SM are. Putting something like secured by Tesco for instance would have more clout as it's a brand near enough all of us have heard and trust

**RuralWeb** · 14-Jan-2009, 04:55 PM

Ive been building sites for a fair few years now and have in the process looked at thousands yet this is the first site I have ever seen with a SM logo on it. As Darron says it is totally meaningless to your average shopper and again as pointed out SM dont even have a list of sites using thier logo - I suspect because everyone gives up or takes one look at the crap logo and certificate and removes it.

gabes secured by john wane logo gets my vote

**Darren B** · 14-Jan-2009, 05:04 PM

Originally posted by RuralWeb View Post

gabes secured by john wane logo gets my vote

the new one with the golden padlocks

**RuralWeb** · 14-Jan-2009, 05:14 PM

golden padlocks

FANTASTIC - should increase sales no end.

Announcement

Weak SSL Ciphers on Remote Server - Help?!

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment