A heated debate is about ready to start at work tomorrow...

One of my bosses sent out an e-mail stating that "To be PCI-Compliant, all users must re-set their passwords every 90 days!!"

This is for an e-commerce site where we are using a 3rd-Party Payment Processor but will be storing basic things like E-mails, Names, and Addresses.

I say that she doesn't understand what the PCI-Compliance Guidelines say...


Debbie