User login
Your2ndPlace.com Bloggers
- Alan Bamboo
- Arthur Fermi
- Ash Wade
- Cadence Juran
- Ciaran Laval
- Jezebel Bailey
- Konner McDonnell
- Marx Dudek
- Nobody Fugazi
- Sando Haller
- Sarah Nerd
Recent comments
- Pingback
1 day 22 hours ago - Re: Wrath of the Land King
2 days 6 hours ago - Re: Mainland improvements receive frosty welcome
3 days 20 hours ago - Re: Mainland improvements receive frosty welcome
4 days 3 hours ago - Re: Mainland improvements receive frosty welcome
4 days 12 hours ago - Re: Wrath of the Land King
4 days 23 hours ago - Re: Sarah, Nobody, Land, Bots, WSE, etc
5 days 19 hours ago - Wrath of the Land King
6 days 11 hours ago - Re: Zee - "No plans to change Openspace pricing"
6 days 21 hours ago - Re: Zee - "No plans to change Openspace pricing"
6 days 21 hours ago
Syndicate
Second Life® is a registered trademark of Linden Lab® , as are the Eye-in-Hand logo®, Hexagon logo™, inSL Cube logo™, Linden™ dollar(s), Linden Lab Hexagon logo™, LindeX™ , Second Life Eye-in-Hand logo®, Second Life Grid™ development platform, Second Life Grid logo™, SL™, SL™ world, SL Grid™, SLurl™, Teen Second Life™, Teen Second Life Eye-in-Hand logo™,TSL™, WindLight®,Your World. Your Imagination.™
PCI DSS, lets stop pretending we are finance companies
PCI - DSS
https://www.pcisecuritystandards.org/tech/
http://www.the-logic-group.com/Downloads/PCI_FAQ.pdf
If you start taking card payments via ATM, you will be bound and subject to the above. I would for a start question if the existing source payment method for second life (using the website not SL INGAME) is pci-dss. As it is outsourced one assumes its is.
However the moment you can enter a 'card detail' in SL and it propogates across the SL Metaverse to an aquirer it needs to be covered by PCI-DSS.
Just remind me how SL communicates with the outside world, oh
"LSL receives XML-RPC requests and passes them to the prim specified. It may not establish this connect, but it may reply and keep two-way communication with that server. These responses seem to be able to transport a largest amount of data out of Second Life (vs. Email and HTTP Requests)"
Note the HTTP not HTTPS, thats un encrypted data transfer. For it to be HTTPS every atm would need a secured certificate, or proxied server that was secured.
There is absolutely no way that this solution can meet PCI-DSS, Unless they bypass it by considering the 'cards to be gift vouchers'.
Zal.