
osCommerce

The e-commerce.

How are shops hacked with PCI compliance?


bl00b


I've read some stories online about big companies getting hacked, that were supposedly 'PCI Compliant' -- how does this happen?

Isn't the requirement of PCI to have routine scans probe your site for vulnerabilities?


I'm no expert on the subject, but sometimes vulnerabilities aren't realized until after they've been exploited (at least once)...

>_<

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 


A lock on the door is no guarantee that someone won't break in some way (smash the lock or go through a window). A site may be PCI compliant, but that's like trying to scare ants away from your picnic by throwing food at them. Hackers are determined to get in, and will try all sorts of measures to do so, including "social engineering" (tricking customers or people on the inside into handing over passwords, etc.). It's a never-ending battle to secure sites, and there will always be intrusion attempts, and once in a while one will succeed. As @germ said, PCI compliance means that known vulnerabilities are sealed up (to certain standards), but hackers are creative and will constantly come up with new means to break in. I may have burglar bars on my windows, but someone sooner or later is going to try to wiggle down the chimney flue.


Archived

This topic is now archived and is closed to further replies.
