by kolev
4509 days ago
I've led PCI Compliance and I know how it works, but large companies really try to do it right and implement the best practices, and it costs them a lot. For example, you can't hire developers and assume they know OWASP guidelines - they need to pass formal training, get a certificate, etc. The SDLC also needs to accommodate PCI Compliance, and so on. The self assessment questionnaire is for guidance. At the end of the day, you get audited, and you may or may not have to prove everything you declare you have in place. You also need to do periodic scans from a third party. And, yes, this can be implemented with Bitcoin, but it will affect the cost of the service, so my point is that the costs of credit card processing have a very good justification and are pretty low for what you get!
No, with Bitcoin, you don't need PCI compliance, because there's no way for the merchant or someone who hacks it to steal your wallet from the information they get. You only need to audit the exchanges / online wallets (the current equivalent of banks, which get audits anyway).
And by the way, the proof that those costs are not inevitable is the fact that some countries like mine (Portugal) have already been using sane push-based payment systems for decades now, and they are cheaper and easier for merchants than CCs. The advantage of Bitcoin is that it works internationally.