Re: UK Law Must Introduce Guest Checkout
Regrettably, most companies treat PCI-DSS as an annual check-box exercise, because they see it as a distraction and a roadblock. Whereas if they used it as it's intended, i.e. as a methodology / framework, it would deliver more hygienic practices; whilst this will not prevent a breach, it will speed up detection and remediation.
If you work for a company that's considering taking credit card payments... take my advice: use a 3rd-party payment services provider that you can redirect the customers to. It will reduce what you have to do to be PCI-DSS compliant from 50-100 pages of demands down to about 10... (you'll fill in a SAQ A, rather than a SAQ A-EP).