A PABP compliance press release that raises some concerns...

While scanning though my RSS feeds this morning (Which I have neglected in the past few weeks), I ran into a PABP product release. Let me just include the relevant portions here and not list the company name.

___ is a PCI PABP v1.4 (Payment Application Best Practices) validated payment application, Visa USA accepted ___ as validated based on the review by Trustwave, a well known QSR. ___ runs on Windows 98 through Windows Vista and supports _____.

Two things that struck me.

  • Trustwave is a QSA ( actually PA-QSA in this role) not a QSR - (Quick Service Restaurant ? )
  • Windows 98 ? Windows 98 is not secure, and is at End-of-Life (July 2006), does not receive new security patches, and is not something that I would recommend to anyone implementing a new payment application.

How can a a payment application be PABP compliant on an non-secure, not supported, EOL’ed OS ? Interesting….


Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now