undefined | Better HN

0 pointsJoshTriplett6y ago0 comments

If that doesn't work, there's also the argument that "credit card providers require it, and could stop you from taking credit cards until you fix it".

0 comments

SlowRobotAhead6y ago

You're right, but didn't have to. This guy when he could get past being mad at me knew that was against the rules. Also even if it was allowed, no one wants to shop at a place that says Not Secure.

Side topic, but I've been trying to explain to our terrible CFO for years that PCI / PCI DSS is a real thing. He thinks that's the type of regulation that only giant companies have to deal with.

toomuchtodo6y ago

Feel free to report your org to your merchant processor if necessary if you're not meeting compliance requirements and think you can get away with it without compromising yourself.

icedchai6y ago

Even if it says "secure", that doesn't mean it really is. I worked at a place in the 90's that hosted a some sites taking credit cards through HTTPS. You know what they did? They sent emails, in clear text, to people at the store that would enter / process the cards manually.

paulddraper6y ago

Even scalier than PCI compliance mumbo jumbo is customers not giving you any money.

Avery3R6y ago

this is what gave us the pay.reddit.com loophole back when reddit https was for people with gold only

j / k navigate · click thread line to collapse