Apr 12, 2013, 19:17 #1
PCI Compliant Storing Half Credit Card
PCI Compliance is scary business and I don't have the time to manage someone's server.
My client needs to be able to pass a Credit Card to a 3rd party over the phone; the problem
is that storing it on-site is illegal without PCI compliance.
Can I encrypt and store 1/2 of the Credit Card number, and email the other 1/2 to a Gmail account?
Would this be considered shady practice? Is it even legal?
Apr 13, 2013, 10:06 #2
No, you cannot do that. Don't even think of using email or the system the client is proposing. Have the client get a merchant account and payment gateway.
Apr 13, 2013, 14:27 #3
Storing any part of a credit card number across thousands of email servers (as happens when emails are sent) is about the worst possible breach since then it is available in lots of places and not just one place - and even one place is one more than PCI allows.
Apr 13, 2013, 20:36 #4