Author Topic: Painless PCI Compliance  (Read 24438 times)

Offline Alex K

  • Product Manager
  • Newbie
  • *
  • Posts: 14
Painless PCI Compliance
« on: July 10, 2008, 11:45:43 AM »
Comodo has released its Painless PCI program!

This new way of thinking, aims to get the often forgot about smaller merchants PCI compliant as painlessly as possible. Not every business is blessed with a compliance officer or dedicated IT security resources. Compliance can be difficult to go at alone and so Comodo works with you to make the most Painless PCI compliance solution.

Start off with the absolutely free, easy to use HackerGuardian PCI Compliance Wizard to get a remediation plan for your business and complete the Self-Assessment Questionnaire (SAQ). Comodo guides you along the way with advice and explanations as you answer the questionnaire.

Once you have your remediation plan, Comodo products and services can be deployed to meet your compliance requirements and documentation you can send to your bank to prove it. No need to do a vendor assessment for every remediation item needed!

Not only does Comodo's Painless PCI program guide you to becoming PCI compliant, Comodo products and services will keep you compliant year after year.

Start your PCI compliance here: www.hackerguardian.com

Let us know what else we can do to make PCI compliance as painless as possible  ;)

Offline strass

  • Spammer
  • Newbie
  • *
  • Posts: 4
Re: Painless PCI Compliance
« Reply #1 on: December 17, 2010, 03:22:42 PM »
Hi
we have done the second pci compliance test.

Fortunately there are no security holes at all , but a few security issues and security notes. The hoster of our dedicated managed server is unwilling to solve the security issues on the machine, That comes from the plattform software that is installed on the machine, and which we do not use, such as webmail horde, and guestbook, and other services that is needed for network management and other stuff not good for anyone.

 What can we do?
They argument that there are a lot of merchants that do not do pci scans, as they have outsourced the whole payment process and do not save credit card data.
The same as ourselves. We do not save  nor trasnmit credit card data but would like to have the hackerguardian badge instead of security holes.

What can we do? change the hoster? We have long Term contract...

kind regards

Helen
Spam link removed by moderator

Offline Ronny

  • Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 13539
  • Volunteer Moderator
Re: Painless PCI Compliance
« Reply #2 on: December 17, 2010, 03:38:30 PM »
If they are not critical I think you can flag them as False-Positive in HackerGuardian.
Volunteer Moderator
Any concerns? Please send me a PM or review the Forum Policy -  update Jan 3rd 2013!

Offline Ronny

  • Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 13539
  • Volunteer Moderator
Re: Painless PCI Compliance
« Reply #3 on: December 17, 2010, 03:42:07 PM »
It is against the Forums policy to advertise commercial websites in signatures.

https://forums.comodo.com/new_member_information/forum_policy-t1516.0.html

Section 8.4;

Can you please remove them from your profile?
Volunteer Moderator
Any concerns? Please send me a PM or review the Forum Policy -  update Jan 3rd 2013!

Offline strass

  • Spammer
  • Newbie
  • *
  • Posts: 4
Re: Painless PCI Compliance
« Reply #4 on: December 17, 2010, 03:54:29 PM »
Hi Ronny done! sorry

Do you mean by flagging them as false positive we get the pass the pci compliance test? That does not sound healthy to me. I prefer to get the issue solved.

Helen
Spam link removed by moderator

Offline strass

  • Spammer
  • Newbie
  • *
  • Posts: 4
Re: Painless PCI Compliance
« Reply #5 on: December 17, 2010, 04:00:36 PM »
how can i get help form hackerguardian.com in order to solve the security issues stated on the audit. can they contact the hoster and help him find a solution?
regards

helen
Spam link removed by moderator

Offline Sal Amander

  • Retired Comodo Staff
  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 729
Re: Painless PCI Compliance
« Reply #6 on: December 17, 2010, 05:56:05 PM »
how can i get help form hackerguardian.com in order to solve the security issues stated on the audit. can they contact the hoster and help him find a solution?
regards

helen

Hello,

We as an ASV can not assist with mitigating the issues. We can only steer you in the right direction towards the solution. A qualified individual (such as a SysAdmin) should be able to look at the 'Vulnerability Report' and the system and determine what is and what isn't a false positive.
« Last Edit: December 17, 2010, 05:59:43 PM by Sal Amander »

Offline strass

  • Spammer
  • Newbie
  • *
  • Posts: 4
Re: Painless PCI Compliance
« Reply #7 on: December 21, 2010, 03:13:12 AM »
Hi Sal Amander
 cool name by the side. We are on a dedicated fully managed high end server. As we have no root access, the only think we can do is ask the hoster to do his homework or move to another more security conscious hoster.

After talking to the hoster  who is actually the sysadmin we happen to find out that they do not care at all! That's sad to know. They even said that we do not need pci scanning, and hacker guardian what for ? which purpose? PCI scanning  does not make any sense for us.... bla bla bla

i can really recommend anyone to get this pci scan to really see how clean or dirty the big hosters of dedicated full managed high end enterprise business server really are.

Believe me you will be surprised how it looks behind the scene.
Spam link removed by moderator

Offline Ronny

  • Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 13539
  • Volunteer Moderator
Re: Painless PCI Compliance
« Reply #8 on: December 21, 2010, 04:08:23 AM »
Hi Sal Amander
 cool name by the side. We are on a dedicated fully managed high end server. As we have no root access, the only think we can do is ask the hoster to do his homework or move to another more security conscious hoster.

After talking to the hoster  who is actually the sysadmin we happen to find out that they do not care at all! That's sad to know. They even said that we do not need pci scanning, and hacker guardian what for ? which purpose? PCI scanning  does not make any sense for us.... bla bla bla

i can really recommend anyone to get this pci scan to really see how clean or dirty the big hosters of dedicated full managed high end enterprise business server really are.

Believe me you will be surprised how it looks behind the scene.
Isn't there anything in a Service Level Agreement where you can push them?
This is absolute bad behavior, specially for dedicated high-end service...  :-\
Volunteer Moderator
Any concerns? Please send me a PM or review the Forum Policy -  update Jan 3rd 2013!

 

Seo4Smf 2.0 © SmfMod.Com Smf Destek