As a PCI compliant company, we have to go to great lengths to secure any system that stores, processes, or transacts credit card data. If that included our email servers, that would put every single mail server, every single mail client, including smart phones, in scope for our PCI audit. That would be a complete nightmare. So we have rules to prevent credit card numbers from entering our environment.
-------- Eric Henson Server Team Manager PFS p: 972.881.2900 x 3104 m: 972.948.3424 www.pfsweb.com -----Original Message----- From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of John Levine Sent: Thursday, March 16, 2017 7:38 PM To: mailop@mailop.org Cc: da...@hireahit.com Subject: Re: [mailop] conventional wisdom, was Google rejects a TLS connection In article <1489684655.3176120.913642288.0d732...@webmail.messagingengine.com> you write: >You can make a rule against sending credit cards by email, but if >customer service reps know it works they might still encourage a >customer to do it as it's faster and easier than other options (fax, >mail) and when Something Bad Happens, the customer will rightly blame >the company. So just out of nosiness, when's the last time Something Bad Happened in real life due to sending credit card info by e-mail? This strikes me as cargo cult security advice, like changing your password every month. It might have made sense when people used shell accounts on vaxes with globally readable password files attached to thick ethernets that ran through unlocked janitors closets in student housing, but it makes little sense now. R's, John PS: The actual credit card risks these days are bulk theft from poorly secured databases at businesses, and hacked ATMs and point of sale terminals. See Brian Krebs's blog for endless examples. _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
