PCI compliance

["Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca>]

There's a shop that X has to deal with.  They are the only game in town for quite 
a region, so they do a lot of business by phone and email.  X placed an order this 
morning--and was asked if X wanted the order charged to (credit card brand).  X, 
having had numerous conversations with me about PCI DSS, was rather surprised, 
and asked why the shop was keeping credit card info.  Oh, says shopkeeper, we 
don't keep it on the computer.  We keep it in the book, and put the book in the 
safe every night ...

(In a rather bizarre way, I think that, at the moment, this practice is marginally 
safer than keeping it on the computer.  But I still think the logic is questionable ...)

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
                     Nunc Tutus Exitus Computarus
http://victoria.tc.ca/techrev/rms.htm 
http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.