Author |
Message |
leaferikson
Site Supporter
Location: Bothell Joined: Tue Nov 17, 2015 Posts: 382
|
Noticed a post in the FFL area about a vendor working on PCI compliance for taking credit cards. I wanted to offer free consultation to any small FFL if they run into issues or have concerns regarding PCI compliance or security. I've been in this field for 10 years, and I'd love to help anyone that needs it.
|
Wed Apr 27, 2016 6:37 pm |
|
|
Guntrader
In Memoriam
Location: Mukilteoish Joined: Sat Mar 26, 2011 Posts: 11595
|
Generous offer. PCI compliance is a whole new can of worms for a lot of people. I've had prospective clients bitching about why they couldn't download malware screensavers, store credit card numbers in plain text, and couldn't keep the same password they used for the past 8 years.
_________________ NRA Endowment Member. How did they know my member was well endowed?
|
Wed Apr 27, 2016 6:49 pm |
|
|
leaferikson
Site Supporter
Location: Bothell Joined: Tue Nov 17, 2015 Posts: 382
|
Guntrader wrote: Generous offer. PCI compliance is a whole new can of worms for a lot of people. I've had prospective clients bitching about why they couldn't download malware screensavers, store credit card numbers in plain text, and couldn't keep the same password they used for the past 8 years.

My first day at a really well known company, IT told us "just use a pet's name and add the number one on the end, then when you have to update, you just make it two"
|
Wed Apr 27, 2016 7:03 pm |
|
|
Guntrader
In Memoriam
Location: Mukilteoish Joined: Sat Mar 26, 2011 Posts: 11595
|
I have seen the 'increment by one' scheme, may have even been in literature from PCI.
My ex was a pension analyst for the Teamsters Trust. They had to change passwords every two weeks, couldn't contain more than 7 characters from the last password, upper, lower, number, extended characters, etc. So they just taped them to their monitors or desk.
Weakest link in infosec is always people.
|
Wed Apr 27, 2016 7:11 pm |
|
|
leaferikson
Site Supporter
Location: Bothell Joined: Tue Nov 17, 2015 Posts: 382
|
Guntrader wrote: I have seen the 'increment by one' scheme, may have even been in literature from PCI.
My ex was a pension analyst for the Teamsters Trust. They had to change passwords every two weeks, couldn't contain more than 7 characters from the last password, upper, lower, number, extended characters, etc. So they just taped them to their monitors or desk.
Weakest link in infosec is always people.

For sure, sometimes people forget the balance between productivity and security. Too Secure = No business
|
Wed Apr 27, 2016 7:12 pm |
|
|
3584ELK
Site Supporter / FFL Dealer
Location: Lake Andes, S. Dakota Joined: Thu Aug 8, 2013 Posts: 1250
Real Name: Mark
|
Very generous of you- for my business, I am going to run the SAQ again and see if I am compliant. Last time I was only one or two questions shy of the green light.
PCI compliance is far beyond password security in complexity, scope, and depth.
It has been an experience...
_________________"To compel a man to furnish funds for the propagation of ideas he disbelieves and abhors is sinful and tyrannical." - Thomas Jefferson
|
Wed Apr 27, 2016 7:38 pm |
|
|
lunacite
Site Supporter
Location: Snohomish County Joined: Tue Feb 21, 2012 Posts: 1146
|
It sucks having to make any services I offer ITAR compliant.
|
Wed Apr 27, 2016 10:07 pm |
|
|
Col_Temp
Site Supporter
Location: Lake Stevens Joined: Fri Jan 3, 2014 Posts: 6166
Real Name: Paris
|
Are you looking or interested in working with other companies on this compliance? I know it's a pain and some of my clients have been messing with it off and on. When it comes up again do you have any desire to assist (for pay of course)?
_________________Paris You can never be too prepared. Consider the ant thou sluggard. Proverbs 27:12 -- “A prudent person foresees the danger ahead and takes precautions. The simpleton goes blindly on and suffers the consequences.”Need Long term Food or Survival Supplies, I have extras, Grab the Supplies_Available.pdf. Prices Quoted are close to my actual cost: https://backupcomputing.workplace.datto.com/filelink/6af06-883bf7e-31d469c0e1-2Link corrected 1/30/2021. The prudent Wagunner trains and prepares to defend themselves and their families, friends, and neighbors. They also are prepared to feed, shelter, and provide aid as well. Danger is coming and may already be here, how prepared are you? Click the link above for lots of good info to get started.
|
Sat May 25, 2019 11:49 am |
|
|
Massivedesign
Site Admin
Location: Olympia, WA Joined: Fri Mar 11, 2011 Posts: 38292
Real Name: Dan
|
Col_Temp wrote: Are you looking or interested in working with other companies on this compliance? I know it's a pain and some of my clients have been messing with it off and on. When it comes up again do you have any desire to assist (for pay of course)?

Paris... This was a 3 year old thread man...
|
Sat May 25, 2019 12:35 pm |
|
|
Col_Temp
Site Supporter
Location: Lake Stevens Joined: Fri Jan 3, 2014 Posts: 6166
Real Name: Paris
|
Massivedesign wrote:
Col_Temp wrote: Are you looking or interested in working with other companies on this compliance? I know it's a pain and some of my clients have been messing with it off and on. When it comes up again do you have any desire to assist (for pay of course)?
Paris... This was a 3 year old thread man...

Yeah but I'm pretty sure he is still around.... I'll message him and see.
|
Fri Jun 07, 2019 1:45 pm |
|
|
|