Imagine a large multinational with a significant online presence. Despite passing PCI and SOX audits with flying colors, they keep getting 0wnzored. Naturally, outsourcing the risk seems like next logical step. The next time they're on the front page of the WSJ, they can just say "Hey, it was just the guys we hired. Not us."
After a failed effort at building their own card processing center in Bangalore, [redacted] issues an open RFP and offers to send orders to all comers, after a minimal vetting process.
Your mission is to accept orders from [redacted] for processing. You have to implement the protocol to their specifications, and respond with an ack when an order is received to claim payment.
But the Internet is a hostile place, and despite every effort to get the information, [redacted] corp can't seem to tell you where orders are coming from so you can firewall to just their servers... Seems the network admin is out on sick leave the week of go-live. Still, this is a big account, so you have to accept any order that implements the protocol and hope for the best.
After a failed effort at building their own card processing center in Bangalore, [redacted] issues an open RFP and offers to send orders to all comers, after a minimal vetting process.
Your mission is to accept orders from [redacted] for processing. You have to implement the protocol to their specifications, and respond with an ack when an order is received to claim payment.
But the Internet is a hostile place, and despite every effort to get the information, [redacted] corp can't seem to tell you where orders are coming from so you can firewall to just their servers... Seems the network admin is out on sick leave the week of go-live. Still, this is a big account, so you have to accept any order that implements the protocol and hope for the best.
Comment