
If that doesn't work, there's also the argument that "credit card providers require it, and could stop you from taking credit cards until you fix it".



You're right, but didn't have to. This guy, when he could get past being mad at me, knew that was against the rules. Also, even if it was allowed, no one wants to shop at a place that says Not Secure.

Side topic, but I've been trying to explain to our terrible CFO for years that PCI / PCI DSS is a real thing. He thinks that's the type of regulation that only giant companies have to deal with.


Feel free to report your org to your merchant processor if necessary if you're not meeting compliance requirements and think you can get away with it without compromising yourself.


Even if it says "secure", that doesn't mean it really is. I worked at a place in the 90's that hosted some sites taking credit cards through HTTPS. You know what they did? They sent emails, in clear text, to people at the store that would enter / process the cards manually.


Even scarier than PCI compliance mumbo jumbo is customers not giving you any money.


This is what gave us the pay.reddit.com loophole back when Reddit HTTPS was for people with gold only.



