On Fri, Oct 4, 2013 at 5:36 AM, Brendan <[email protected]> wrote:
> > At this time, we do not believe the attackers removed decrypted credit or > > debit card numbers from our systems. > > For what reason do companies retain card numbers? > Adobe do a number of subscription-based services. They likely also do the "remember my card" style thing for general website purchases too. Per PCI requirements, the number stored will not include the CVV2 code, so even if they were able to be decrypted their use would be limited, however some sites (Amazon being the most visible) still don't enforce use of CVV2... Scott _______________________________________________ Link mailing list [email protected] http://mailman.anu.edu.au/mailman/listinfo/link
