On Thu, 2 Apr 2009, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:
> There's a shop that X has to deal with. They are the only game in town
> for quite a region, so they do a lot of business by phone and email. X
> placed an order this morning--and was asked if X wanted the order
> charged to (credit card brand). X, having had numerous conversations
> with me about PCI DSS, was rather surprised, and asked why the shop was
> keeping credit card info. Oh, says shopkeeper, we don't keep it on the
> computer. We keep it in the book, and put the book in the safe every
> night ...
>
> (In a rather bizarre way, I think that, at the moment, this practice is
> marginally safer than keeping it on the computer. But I still think the
> logic is questionable ...)

The logic is impeccable. PCI DSS is only concerned about data kept in
electronic form. By using pencil and paper, he remains PCI DSS compliant.
It's brilliant.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
