[PHP] Re: keeping credit card info in session

2007-04-10 Thread Jim King
itoctopus: I stand corrected! This document is the PCI self-assessment questionnaire for smaller merchants: https://www.pcisecuritystandards.org/pdfs/pci_saq_v1-0.pdf It lays out the requirements in detail (including encryption/truncation) in one place and should answer all of the OP's

Re: [PHP] Re: keeping credit card info in session

2007-04-10 Thread itoctopus
Encryption is a mandatory part of PCI compliance...

--
itoctopus - http://www.itoctopus.com

"Jim King" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> Does encrypting credit card information really do any good? You have
> to store the keys somewhere to decrypt the data to use it

[PHP] Re: keeping credit card info in session

2007-04-09 Thread Jim King
Does encrypting credit card information really do any good? You have to store the keys somewhere to decrypt the data to use it. As we have seen with Blu-ray and HD DVD movies, the keys are the weak point and are easily compromised. Besides, even encrypted data can be decrypted by bru

[PHP] Re: keeping credit card info in session

2007-04-08 Thread itoctopus
Usually paying should be the last step, so you might probably want to review your workflow. Anyways, if you're storing the credit card in the database, then why are you also storing it in the session? You can just query the database for the credit card based on the session id (so you should also st
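The two design points argued over in this thread, encrypting stored card data despite the key having to live somewhere, and keeping the card out of the session in favour of a database lookup, put together as one added PHP example. This is not code from any of the posters; the key file location (`/etc/myapp/card.key`), the `card_tmp` table and the `$charge` callback are assumptions for illustration.

```php
<?php
// Added example, not from the thread. Session holds only a masked PAN and an
// opaque reference; the full PAN is stored encrypted, and the key lives in a
// file outside the web root and outside the database (assumed path below).
declare(strict_types=1);

const CARD_KEY_FILE = '/etc/myapp/card.key'; // assumption: 32 random bytes, mode 0400, owned by the PHP user

function loadCardKey(): string {
    $key = @file_get_contents(CARD_KEY_FILE);
    if ($key === false || strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new RuntimeException('card encryption key missing or wrong length');
    }
    return $key;
}

// PCI truncation: at most the first six and last four digits may be kept in the clear.
function maskPan(string $pan): string {
    $digits = preg_replace('/\D/', '', $pan);
    $len = strlen($digits);
    if ($len < 13 || $len > 19) {
        throw new InvalidArgumentException('not a card number');
    }
    return substr($digits, 0, 6) . str_repeat('*', $len - 10) . substr($digits, -4);
}

// Authenticated encryption (XSalsa20-Poly1305); the nonce travels with the ciphertext, the key never does.
function encryptPan(string $pan, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $ct = sodium_crypto_secretbox($pan, $nonce, $key);
    return base64_encode($nonce . $ct);
}

function decryptPan(string $blob, string $key): string {
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
        throw new RuntimeException('malformed ciphertext');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $ct = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $pan = sodium_crypto_secretbox_open($ct, $nonce, $key);
    if ($pan === false) {
        throw new RuntimeException('decryption failed (wrong key or tampered data)');
    }
    return $pan;
}

// Checkout step: encrypt to the database, keep only a random reference and the masked form in the session.
function storeCardForCheckout(PDO $db, string $pan, string $key): void {
    $ref = bin2hex(random_bytes(16));
    $stmt = $db->prepare('INSERT INTO card_tmp (ref, pan_enc, created_at) VALUES (?, ?, NOW())');
    $stmt->execute([$ref, encryptPan($pan, $key)]);
    $_SESSION['card_ref']  = $ref;          // useless on its own: needs both the DB row and the key file
    $_SESSION['card_mask'] = maskPan($pan); // safe to show on the confirmation page
    sodium_memzero($pan);
}

// Payment step (last step of the workflow): fetch by reference, decrypt, charge, then delete the copy.
function chargeStoredCard(PDO $db, string $key, callable $charge): void {
    $ref = $_SESSION['card_ref'] ?? null;
    if ($ref === null) {
        throw new RuntimeException('no stored card for this session');
    }
    $stmt = $db->prepare('SELECT pan_enc FROM card_tmp WHERE ref = ?');
    $stmt->execute([$ref]);
    $blob = $stmt->fetchColumn();
    if ($blob === false) {
        throw new RuntimeException('stored card not found');
    }
    $pan = decryptPan($blob, $key);
    try {
        $charge($pan);
    } finally {
        sodium_memzero($pan);
        $db->prepare('DELETE FROM card_tmp WHERE ref = ?')->execute([$ref]);
        unset($_SESSION['card_ref']);
    }
}
```

The point of the key file is the answer to the "you have to store the keys somewhere" objection: the key is stored, but not beside the data. A SQL injection or a copied database dump yields only ciphertext and masked numbers, and a stolen session file yields only a random reference. The row is keyed by a fresh random reference rather than by the PHP session id itself, so regenerating the session id (which you should do at login and before payment) does not orphan the record, and the record is deleted as soon as the charge has been attempted, so the encrypted PAN is not retained once it is no longer needed.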