Retailers look to exorcise credit-card data
Robert Lemos, SecurityFocus 2007-10-09

Beset by the public-relations nightmare of numerous data breaches, U.S. retailers proposed last week that they not be required to store credit-card data following a transaction.

Retailers look to exorcise credit-card data 2007-10-10
David Bennett
Although I agree with storing data in a few secure locations as opposed to distributed, the bottom line is retailers need to protect customer data regardless if it contains credit card information or not. The definition of PII goes beyond credit card information. Retailers still need to implement be...

California's pending data law could be a roadblock 2007-10-11
Benjamin Wright, hack-igations.com
NRF proposes the innovative solution of requiring merchants to store just 'authorization code' and 'truncated receipt'. This is the kind of creative thinking the industry needs. However, this solution might be illegal under California's pending Assembly Bill 779. The words of AB 779 are unclear and ...

Solid and practical 2007-10-16
DaveC (1 replies)
I'm the CTO of a company that offers, among other things, online transaction services. I established a policy from the start of not storing credit card data, as simple security common sense (we outsource that to the card processors) and this has stood us in good stead with the subsequent introductio...

Re: Solid and practical 2007-10-23
Sandu Mihai
First of all, if a retailer is not storing anything (even the confirmation code and whatever other stuff) it will tend to relax his security practices on the idea: Oh, that golden data is at the uber-data-fortress, the bad guys won't hit me.

WRONG. If a hacker modifies the retailer's system to send...

Copyright 2009, SecurityFocus