Unexpected Costs

I thought I’d kick off this category of posts with an ever-evolving list of the costs associated with PCI-DSS compliance.

One that I’ve come across recently is the plethora of server changes that must be made (secure headers, etc.) and the code modifications that must go along with them. For instance, truly compliant sites will not utilize any inline CSS or JavaScript. And any external sources of scripts should be verified by a hash, not simply “allowed” through the settings.
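To get a feel for how much code has to change, here is a small audit script, added as an example and not part of the original post. It flags inline CSS and JavaScript and external scripts that carry no hash, assuming the hash mechanism meant above is the `integrity` attribute (Subresource Integrity); the sample page and the `cdn.example` URLs are constructed.

```python
import base64
import hashlib
from html.parser import HTMLParser

def sri_hash(body: bytes) -> str:
    """Value for a script tag's integrity attribute (SHA-384, base64)."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()

class PageAudit(HTMLParser):
    """Collects (line, finding) pairs for inline code and unhashed scripts."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a, line = dict(attrs), self.getpos()[0]
        if tag == "script":
            src = a.get("src")
            if src is None:
                self.findings.append((line, "inline-script"))
            elif src.startswith(("http://", "https://", "//")) and not a.get("integrity"):
                # Cross-origin script with no hash to verify it against.
                self.findings.append((line, "external-script-without-integrity"))
        elif tag == "style":
            self.findings.append((line, "inline-style-block"))
        if "style" in a:
            self.findings.append((line, "inline-style-attribute"))
        for name in a:
            if name.startswith("on"):  # heuristic: onclick, onload, ...
                self.findings.append((line, "inline-handler:" + name))

def audit(html: str):
    parser = PageAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page (not from any real site).
SAMPLE = """<html><head>
<style>body { margin: 0 }</style>
<script src="https://cdn.example/lib.js"></script>
<script src="https://cdn.example/ok.js" integrity="sha384-AAAA" crossorigin="anonymous"></script>
</head><body>
<p style="color:red" onclick="go()">hi</p>
<script>go = function () {}</script>
<script src="/static/app.js"></script>
</body></html>"""

if __name__ == "__main__":
    for line, finding in audit(SAMPLE):
        print(f"line {line}: {finding}")
```

Each finding is either markup that has to move into an external file or a script tag that needs an `integrity` value, which `sri_hash` produces from the bytes of the file being referenced.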

More to come…
