Originally Posted by till
Just install all Debian updates and your system is safe.
You know that, and I think that, but how to convince the banks of that? McAfee claims to offer a free PCI scanning service. They seem to think that because the latest apache is 2.2.15, any system running 2.2.9 is at risk.
Without a certificate saying that the system is PCI compliant, the banks make things very difficult for online merchants. After all, they may lose thousands of millions of pounds and need helping out by the taxpayers - oh, no, that's the banks!
Seriously, I do believe that my system is secure and up-to-date, but I want to make sure I'm on solid ground before arguing with the bankers.