A New Post over at Krebs on Security:
On Nov. 23, one of the cybercrime underground’s largest bazaars for buying and selling stolen payment card data announced the immediate availability of some four million freshly-hacked debit and credit cards. KrebsOnSecurity has learned this latest batch of cards was siphoned from four different compromised restaurant chains that are most prevalent across the midwest and eastern United States.
We help clients maintain compliance with PCI standards, but that is really just a minimalist approach. PCI compliance is not hard, with a few exceptions; for the most part it is just good security. Most exceptions involve hosting your own eCommerce servers.
Web hosting is best left to professional hosting companies. Maintaining patches, good backups, and good network design takes a practiced hand. PCI compliance requires you to go beyond the above and to be at the cutting edge of security releases, with the knowledge and ability to deal with being off the normal releases of software like Apache and others.