PaulDotCom mailing list archives
Re: CC numbers stored on planes
From: Scott Rosenthal <scott.r.rosenthal () gmail com>
Date: Tue, 24 Jan 2012 08:22:18 -0500
My response wasn't about assuming that they were PCI compliant I was implying that they are required to be PCI compliant. If they aren't required to be PCI compliant I would love to see where that information is published. If I were conducting a pen test I would obviously be validating that the information was in fact encrypted. The way I understood Robin's question was that he was merely questioning the storage of those cards. I am not including travel agents or third party service providers. I was merely speaking to the transactions that the airlines accept on behalf of themselves. As to how good the assesors are, that is an entirely different topic. On Tue, Jan 24, 2012 at 7:56 AM, Tony Turner <tony_l_turner () yahoo com>wrote:
Many airlines are not PCI compliant. There are complexities to their business model with airports, common use platforms and travel agents that create significant difficulties. This was why we created an informal SIG for Air Travel PCI. Bottom line, don't assume. Sent from Yahoo! Mail on Android ------------------------------ *From: *Scott Rosenthal <scott.r.rosenthal () gmail com>; *To: *PaulDotCom Security Weekly Mailing List < pauldotcom () mail pauldotcom com>; *Subject: *Re: [Pauldotcom] CC numbers stored on planes *Sent: *Tue, Jan 24, 2012 12:42:11 PM Hi Robin, here in the states many if not all of the airlines are required to be PCI compliant. That being said those devices should be considered in scope by the company that is performing their assessment. If they are truly PCI compliant, all of the credit card numbers stored on those devices should be encrypted. I hope that helps. Scott On Mon, Jan 23, 2012 at 10:13 PM, Robin Wood <robin () digininja org> wrote:I've been on quite a few planes where the duty free and the bar allow people to pay by credit card. I'd guess the data is stored and downloaded to be processed at the end of each flight, if so, that is a great target for card thieves. I wonder how many are actually properly protected? Robin _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- CC numbers stored on planes Robin Wood (Jan 23)
- Re: CC numbers stored on planes Bacon Zombie (Jan 24)
- Re: CC numbers stored on planes Scott Rosenthal (Jan 24)
- Re: CC numbers stored on planes Bill Swearingen (Jan 24)
- Re: CC numbers stored on planes Robin Wood (Jan 24)
- <Possible follow-ups>
- Re: CC numbers stored on planes Tony Turner (Jan 24)
- Re: CC numbers stored on planes Scott Rosenthal (Jan 24)
- Re: CC numbers stored on planes David Freedman (Jan 24)
- Re: CC numbers stored on planes Tony Turner (Jan 24)
- Re: CC numbers stored on planes Robin Wood (Jan 24)
- Re: CC numbers stored on planes David Freedman (Jan 24)
- Re: CC numbers stored on planes Scott Rosenthal (Jan 24)