A solution for PCI compliance - Stop storing data…
October 9th, 2007 in: Data Security Sites
Computerworld magazine just published an article regarding the move for all businesses that accept credit cards to become PCI compliant.
This article covers the basic fact that retail store owners are required to store receipts with full credit card numbers on them for 18 months (they are, in case you didn’t know!).
The problem with the whole system, which is clearly outlined in the article, is that if card numbers were never stored, there wouldn’t be any need for PCI compliance. Since Visa and MasterCard require them to be stored, the system simply perpetuates itself.

1 Comment
1. Lauri | October 10th, 2007 at 12:58 am
From the PCI DSS document itself:
“PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted.”
Processing and transmission are still a concern. It’s not only about storage.
(If you refer to handing the processing and transmission part to a third party, then I’m sure storage can be handled the same.)
p.s. On a related note, retail stores are quite amazing. I was recently in a supermarket in Prague (Tesco possibly?). After paying, I was about to throw my receipt away. One of our security guys took it out of curiosity and found that the system they had built/installed printed full credit card numbers onto receipts.