web application security lab

Scanless PCI

Well, today is the day. We can finally stop having discussions about the value of PCI, because there is a new product on the market that solves all the business needs without the pesky problems of wishy-washy compliance regulations. It’s called Scanless PCI. The premise is pretty simple: go to the website, grab the code, throw it on your website and poof, you’re PCI certified. No fuss, no muss.

The beauty of this system is that everyone gets what they want. Awareness, certification, and of course, protection from PCI fines. We don’t have to sit around spinning yarns about what is and isn’t a secure web site, or what the definition of PCI 6.6 means or what have you. No more! I’m glad we can finally put this entire thing to bed. Not that I take credit cards, but I might just get it myself. It’s so easy!

17 Responses to “Scanless PCI”

  1. Giorgio Maone Says:

    ROTFL!!! :D

  2. Ronald van den Heetkamp Says:

    Sounds like.. ehm.. “Hacker Safe” ? ;)

  3. donwalrus Says:

    looks like a great idiot-tracking system to me.

  4. Dave Ockwell-Jenner Says:

    Just… wow! The sad part is that I anticipate a number of people will actually fall for it :-)

  5. tancurrom Says:

    I don’t trust anyone that uses Comic Sans.

  6. id Says:

    I’m buying 2 at that price!

  7. Fraggeleh Says:

    “In the event of a security breach during the certification period, Scanless PCI will pay damages according to industry averages, as determined in binding arbitration. Scanless PCI guarantees to meet or exceed the standards of our competitors.”

    Build a site, put their picture on it, and hack it. Then claim benefits and sue them in court. Way to cover their asses? It’s like setting a bottomless hole for them to step into.

  8. RSnake Says:’_Day

  9. Awesome AnDrEw Says:

    I figured this was an April Fool’s day prank, but I was still compelled to put the image on a remote site at first just to see whether or not any visits would actually take place.

    Great tactic!

  10. ehmo Says:

    best idea ever :) i’m now PCI scanned and 100% safe :)

  11. TheHorse13 Says:

    Following their “certification” link goes to a blocked Malicious Web Site (by Websense). lol. How surprising.

  12. Fraggeleh Says:

    I was kind of tipped off about the joke when I noticed huge js files from “roxer”, which turned out to be created by Jeremiah Grossman. :P

  13. id Says:

    Well if Jeremiah is selling I’m buying 12!

  14. Tom Says:

    In the PCI 6.6 segment of the PCI standard there is software called dotDefender that protects from web application attacks.
    You can download a 30-day trial to start using the software and watch how your attacks are being stopped. or

  15. RSnake Says:

    @Tom - are you sure you want to advertise your stuff on an April fool’s joke making fun of PCI?

  16. Lawrence Pingree Says:

    So since when does complying with PCI mean you are “secure”? lol

  17. MBridge Says:

    While some people are dismissive of PCI, it is arguably one of the better standardized security programs out there today. Few if any industries have taken even preliminary steps towards outlining security standards their members must adhere to. The credit-card companies on the other hand have spent considerable time and effort towards helping their customers and end-consumers.

    While not a panacea, it is a good first step.