There's a shop that X has to deal with. They are the only game in town for quite a region, so they do a lot of business by phone and email. X placed an order this morning--and was asked if X wanted the order charged to (credit card brand). X, having had numerous conversations with me about PCI DSS, was rather surprised, and asked why the shop was keeping credit card info. Oh, says shopkeeper, we don't keep it on the computer. We keep it in the book, and put the book in the safe every night ...
(In a rather bizarre way, I think that, at the moment, this practice is marginally safer than keeping it on the computer. But I still think the logic is questionable ...) ====================== (quote inserted randomly by Pegasus Mailer) [email protected] [email protected] [email protected] Nunc Tutus Exitus Computarus http://victoria.tc.ca/techrev/rms.htm http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade http://blogs.securiteam.com/index.php/archives/author/p1/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
