[clug] The 1st Internet Tax is here.

Daniel Pittman daniel at rimspace.net
Thu Nov 13 00:50:48 GMT 2008


Alex Satrapa <grail at goldweb.com.au> writes:
> On 13/11/2008, at 11:37 , Daniel Pittman wrote:
>
>> When working for a client who did hold the credit card numbers we
>> actually had a less pleasant situation: we had no option but the PCI
>> audits, which are quite a costly affair.
>
> Are you talking about the situation where, for example, the credit
> card number is stored in the CRM system to allow regular charges to be
> made for subscription services, while actual payment processing is
> still done by a third party?

No, in this particular case we held the credit card numbers, encrypted,
long enough to deliver them to the third party who ran the service we
acted as a payment gateway for.

So, we actually held them less long than your CRM system would, since
most of them were out the door and securely removed within a few
minutes.


However, yes, that situation would (as far as I can tell) qualify for
*at least* the minimum level of PCI scrutiny, and possibly more.

Regards,
        Daniel

