thePCI Portal

Don’t descope your redirecting ecommerce web server!

Here is another fresh article on the risks to consider when implementing a fully redirected e-commerce solution. Benj Hosack writes about something the forensics team at Foregenix have seen. While it discusses a few variants that are not specifically of the SAQ A variety, it has a few relevant examples of risks.

And don’t forget about the old misdirection and read: “If a website uses a hosted payment page redirect, is the web server in scope for PCI DSS v3.x?”
