funsec mailing list archives

Re: PCI compliance


From: Drsolly <drsollyp () drsolly com>
Date: Fri, 3 Apr 2009 23:18:00 +0100 (BST)

On Thu, 2 Apr 2009, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:

> There's a shop that X has to deal with.  They are the only game in town for quite 
> a region, so they do a lot of business by phone and email.  X placed an order this 
> morning--and was asked if X wanted the order charged to (credit card brand).  X, 
> having had numerous conversations with me about PCI DSS, was rather surprised, 
> and asked why the shop was keeping credit card info.  Oh, says shopkeeper, we 
> don't keep it on the computer.  We keep it in the book, and put the book in the 
> safe every night ...
> 
> (In a rather bizarre way, I think that, at the moment, this practice is marginally 
> safer than keeping it on the computer.  But I still think the logic is questionable ...)

The logic is impeccable. PCI DSS is only concerned about data kept in 
electronic form. By using pencil and paper, he remains PCI DSS compliant. 
It's brilliant.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
