What is a well known 'public secret' in the industry you work in that the majority of outsiders are unaware of?

NotSpez@lemm.ee to Ask Lemmy@lemmy.world – 629 points –

I have worked for 5 different companies that needed to be PCI compliant and every one of them willfully decided not to do certain things. Not all of them were even hard; a lot of times it was simply that the person making the decisions just didn't want to.

So that's mine. Credit card security is not taken seriously by the vast majority of places that accept credit cards.

That's because it's an opportunity cost to be caught out of compliance, but overhead to be in compliance. And in many cases less expensive to be caught out of compliance than stay in compliance. Especially for small companies.

As a cyber security consultant, I can confirm. Not a single company out of hundreds I've performed PCI remediation for managed to completely comply with requirements, with some leaving major issues like storing cc info in a searchable plain text db for better "customer service". There's barely any enforcement for this.
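The "searchable plaintext DB" failure mode the consultant above describes is easy to find with a scan: any free-text column is a candidate, and a digit-run regex plus a Luhn check weeds out most order numbers and timestamps. The following is an added example, not code from the commenter or from any company mentioned; the `SAMPLE_ROWS` table and its `note` column are constructed for illustration, and the card numbers in it are the standard publicly documented test numbers, not real accounts.

```python
import re
from typing import Iterable

# Digit runs of 13 to 19 digits, optionally separated by single spaces or dashes,
# not embedded in a longer digit run. This is deliberately loose; the Luhn
# check below does the real filtering.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check.

    Every second digit from the right is doubled (subtracting 9 if the result
    exceeds 9) and the total must be a multiple of 10. Roughly 1 in 10 random
    digit runs passes, so this removes most order IDs and timestamps but is
    not proof that a run is a card number.
    """
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return normalised (separator-free) Luhn-valid card-number candidates in text."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def mask_pan(digits: str) -> str:
    """Keep only the last four digits, the common PCI DSS display form.

    PCI DSS permits at most the first six and last four to be shown; storing
    only the last four is the conservative choice for a support note.
    """
    return "*" * (len(digits) - 4) + digits[-4:]


def redact(text: str) -> str:
    """Replace every Luhn-valid card-number-looking run in text with its masked form."""
    def _sub(m: re.Match) -> str:
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return mask_pan(digits)
        return m.group(0)
    return PAN_CANDIDATE.sub(_sub, text)


def scan_rows(rows: Iterable[dict], column: str = "note") -> list[tuple[int, str]]:
    """Scan a free-text column and report (row id, masked PAN) for each hit.

    Only the masked form is returned so the scan report itself does not become
    another plaintext copy of the card data.
    """
    hits = []
    for row in rows:
        for pan in find_pans(row.get(column, "")):
            hits.append((row["id"], mask_pan(pan)))
    return hits


# Constructed sample "customer service" rows; the card numbers are the
# widely published Visa and Amex test numbers, not real accounts.
SAMPLE_ROWS = [
    {"id": 1, "note": "Customer called, card on file 4111 1111 1111 1111 exp 12/27"},
    {"id": 2, "note": "Order 20240101123045 shipped"},          # 14 digits, Luhn-invalid
    {"id": 3, "note": "Refund to 378282246310005 processed"},
    {"id": 4, "note": "Last four on file: 4242"},
]

if __name__ == "__main__":
    for row_id, masked in scan_rows(SAMPLE_ROWS):
        print(f"row {row_id}: plaintext PAN found, masked form {masked}")
    for row in SAMPLE_ROWS:
        print(redact(row["note"]))
```

Running the scan over a production dump and then writing `redact()` output back is the cheap version of the fix; the real one is to stop the support tool from accepting a PAN at all and let the payment processor hand back a token that can be searched on instead.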