funsec mailing list archives
Re: PCI compliance
From: Drsolly <drsollyp () drsolly com>
Date: Fri, 3 Apr 2009 23:18:00 +0100 (BST)
On Thu, 2 Apr 2009, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:
> There's a shop that X has to deal with. They are the only game in town for quite a region, so they do a lot of business by phone and email. X placed an order this morning--and was asked if X wanted the order charged to (credit card brand). X, having had numerous conversations with me about PCI DSS, was rather surprised, and asked why the shop was keeping credit card info. Oh, says shopkeeper, we don't keep it on the computer. We keep it in the book, and put the book in the safe every night ...
>
> (In a rather bizarre way, I think that, at the moment, this practice is marginally safer than keeping it on the computer. But I still think the logic is questionable ...)

The logic is impeccable. PCI DSS is only concerned about data kept in electronic form. By using pencil and paper, he remains PCI DSS compliant. It's brilliant.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.