On Thu, Feb 16, 2012 at 08:20:15PM -0800, Dave Close spake thusly:
> Maybe not illegal nor unethical, but isn't this a violation of PCIDSS?
> I thought card accepters were required not to keep card numbers. True?

False. You can store card numbers. But it subjects you to much greater security requirements. Also note that PCI is not law, merely an agreement with your card processor. Lots of companies, especially small ones, flaunt it. There is virtually no enforcement of PCI unless you are massively huge like Target OR you have an intrusion which leaks card data.

-- 
Tracy Reed
