OT: Virtual terminals

It's even possible to recover the text from an audio recording of the keystrokes!

Reply to
John Rumm

From my experiences, it probably isn't. Virtually any electronic storage is considered to be vulnerable at some point. In particular, logging into a virtual terminal and typing in the customer's data counts as storing sensitive data in an online computer, even though it only stays in the computer for milliseconds.

I went through this in considerable detail directly with the PCI Security Standards Council, as I wanted to use SagePay with Magento and, at that time, Magento only accepted SagePay Forms or SagePay Direct. Their view, which I had in writing, was that simply having sensitive data pass through our computers, even momentarily, counted as storing it for DSS purposes. This is far from clear in the documentation and took many weeks of correspondence to establish. It also moved our security level into the silly money range.

Fortunately, someone came up with a module that allowed Magento to work with SagePay Server, using iframes, so all data went directly from the customer's computer to the SagePay server and I didn't need to worry about it any more. I did, however, have to ban our previous practice of entering customer card details from telephone orders into the web site on our office computers, as that would still have involved sensitive data passing through our computers. Instead I had to set up a sign-on that would allow us to process the order without payment and charge it later through a dial-up terminal.

The problem is, if you get it wrong, nobody will tell you until your security is compromised and you end up with potentially unlimited liability for card losses.

Colin Bignell

Reply to
Nightjar

That's what you have a limited company for.

Reply to
The Natural Philosopher

That won't protect a director who fails to show the expected level of skill or who acts negligently.

Colin Bignell

Reply to
Nightjar

I bought a couple of flights between Buenos Aires and Iguazu Falls from LAN Chile two weeks ago and Paypal was an option. With great reluctance I ended up using the Paypal option as LAN Chile's system wouldn't accept the card details!

Reply to
F

It surely is.

Reply to
Huge
