ergophobe - 3:33 pm on Apr 1, 2010 (gmt 0)

Get around that by hosting the site on your internal LAN

Or limit access by IP and only let people in if they're coming from the company IP.

Of course, there's security and there's security. It's not like any of those solutions would rise to the level of PCI compliance without serious effort (like if you have wireless LAN, you have to have someone assigned to review access records daily and you have archive access records for 1 year).