On Tue, Jun 22, 2010 at 9:43 AM, Scott Stroz <[email protected]> wrote:
> I was under the impression that you cannot even store the CC number if
> it's encrypted (if it's encrypted, it can be decrypted by hackers). I
> was also under the impression that there needed to be a lot more
> security for the server that stores the data.

There are different rules depending on the volume of transactions you do. If it's a low enough volume the requirements are lower and you do a "self assessment" which you can lie through your teeth on. The requirements for mid-high dollar volumes have it pretty expensive to get compliant and that's where you see a lot of folks heading to third parties. At least that's what I THINK is true. At times PCI compliance is about as clear as mud.

-Cameron
