Laurence MacNeill wrote:
> At 09:35 AM 2/11/2010, you wrote:
>
> > As far as I am aware you aren't allowed to store credit card numbers
> > yourself without a weekly security audit from the card issuer...
>
> Do what?! I've never heard of this... If that's the case, then the
> company I work for has been breaking the law for YEARS! We store CC
> data (encrypted, of course) in our current database so that if a
> customer changes their mind, we don't have to reacquire the CC info
> from them to charge (or refund) their account.
>
> In the Flex app that I'm writing, the plan is to continue to do the
> same thing...

My understanding is that PCI Compliance is not yet necessary for in-house products.

--
Warm Regards,
Lee

