I was under the impression that you cannot even store the CC number if it's encrypted (if it's encrypted, it can be decrypted by hackers). I was also under the impression that there needed to be a lot more security for the server that stores the data.
I will admit I am not 100% certain of what needs to be done to be in compliance, but I do know the reason a lot of people use services like SkipJack, auth.net, etc. is because it's cost prohibitive for a lot of small companies to maintain the servers in order to be PCI compliant. While storing the CC info on a shared DB server may not be illegal, it sure is stupid.

On Tue, Jun 22, 2010 at 9:08 AM, Casey Dougall <[email protected]> wrote:

> On Tue, Jun 22, 2010 at 8:41 AM, Scott Stroz <[email protected]> wrote:
>
>> My question is, I know the credit card information this guy's
>> customers are supplying to him is not secure, do I have an ethical
>> obligation to report him?
>
> No, but you might have wanted to change your quote though ;-)
>
> Everyone has to get in compliance this year anyway so reporting is kinda
> moot, he has to do it regardless.
>
> 1. Loop over existing cards and encrypt
> 2. Delete CVV number, most payment APIs don't even require it anyway.
> 3. Change scripts to decrypt or encrypt when needed.
> 4. Done
>
> There could be some additional areas of interest like who can see credit
> cards in an administration interface, but it's fairly simple for these items
> above. I have not seen anything that says you can't store data in a shared
> DB, although of course it should be encrypted and you are not allowed to
> store the CVV number. Everything else is related to the firewall and other
> sections about who has access to the DB, card data and like that may not
> even fall into your portion of the project.

Archive: http://www.houseoffusion.com/groups/cf-community/message.cfm/messageid:321664
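The clean-up steps Casey lists (walk the existing cards, protect the PAN, drop the CVV) as an added example that is not from the list thread or any of its posters. It uses truncation plus a keyed hash (HMAC) instead of the reversible encryption he describes, so the full number cannot be recovered from the database at all; if the cards must be re-charged later, reversible encryption with the key held off the DB server, or a processor-side token from a service like the ones Scott names, is needed instead. The table layout, key and card rows are constructed for the example, and the PANs are standard test numbers.

```python
import hashlib
import hmac
import sqlite3

# Constructed sample rows: id, plaintext PAN, CVV (the "before" state of a
# careless card table, as in the thread). Test PANs only.
SAMPLE_CARDS = [
    (1, "4111 1111 1111 1111", "123"),
    (2, "5555555555554444", "456"),
]


def open_sample_db():
    """Build an in-memory copy of the bad table so the migration can run offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cards (id INTEGER PRIMARY KEY, pan TEXT, cvv TEXT)")
    conn.executemany("INSERT INTO cards VALUES (?, ?, ?)", SAMPLE_CARDS)
    conn.commit()
    return conn


def protect_pan(pan, key):
    """Return (keyed hash token, masked display form) for a PAN.

    The HMAC lets the application match a returning card without keeping
    the number; the mask keeps only the last four digits for display.
    """
    digits = "".join(ch for ch in pan if ch.isdigit())
    token = hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()
    masked = "*" * (len(digits) - 4) + digits[-4:]
    return token, masked


def migrate_cards(conn, key):
    """Step 1 and 2 of the thread: protect every PAN and wipe every CVV."""
    conn.execute("ALTER TABLE cards ADD COLUMN pan_token TEXT")
    conn.execute("ALTER TABLE cards ADD COLUMN pan_masked TEXT")
    rows = conn.execute("SELECT id, pan FROM cards").fetchall()
    for card_id, pan in rows:
        token, masked = protect_pan(pan, key)
        conn.execute(
            "UPDATE cards SET pan = NULL, cvv = NULL, pan_token = ?, pan_masked = ?"
            " WHERE id = ?",
            (token, masked, card_id),
        )
    conn.commit()
    return len(rows)


def no_plaintext_left(conn):
    """Post-migration check: no row may still carry a PAN or a CVV."""
    sql = "SELECT COUNT(*) FROM cards WHERE pan IS NOT NULL OR cvv IS NOT NULL"
    return conn.execute(sql).fetchone()[0] == 0
```

The key passed to `migrate_cards` must not live in the same database or on the shared DB host, otherwise the keyed hash gives little more protection than the plain number.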
