Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Storing credit card info
Message
From
26/09/2013 11:17:03
Mike Cole
Yellow Lab Technologies
Stanley, Iowa, United States
 
 
To
26/09/2013 11:15:35
Viv Phillips
Hay-On-Wye, United Kingdom
General information
Forum:
Business
Category:
Legal
Title:
Re: Storing credit card info
Miscellaneous
Thread ID:
01584217
Message ID:
01584225
Views:
65
>>I know, I know, avoid if at all possible and use something like Authorize.NET.
>>
>>I'm being asked to store CC info in our DBs to perform recurring billing. "We're compliant" has been said and I've been told to use our broken encryption libraries to encrypt it. I need some info to throw back. Links to laws (state of Iowa), etc.
>
>Details of requirements for compliance here I think : https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf
>
>But If they are not already storing this information how can they claim to be compliant ?

They're already storing it other places (projects I wasn't involved with).

Is PCI the law or a guideline? I understand it to be the law, no exceptions. Just wanted to verify.
Very fitting: http://xkcd.com/386/
Previous
Next
Reply
Map
View

Click here to load this message in the networking platform