Retailers look to exorcise credit-card data
Robert Lemos, SecurityFocus 2007-10-09

Beset by the public-relations nightmare of numerous data breaches, U.S. retailers proposed last week that they not be required to store credit-card data following a transaction.

California's pending data law could be a roadblock 2007-10-11
Benjamin Wright, hack-igations.com
Solid and practical 2007-10-16
DaveC (1 replies)
Re: Solid and practical 2007-10-23
Sandu Mihai
First of all, if a retailer is not storing anything (even the confirmation code and whatever other stuff) it will tend to relax his security practices on the idea: Oh, that golden data is at the uber-data-fortress, the bad guys won't hit me.

WRONG. If a hacker modifies the retailer's system to send him the CC and other info upon a confirmed transaction, the requirement of 'not storing the data' will not improve anything.

I think a real set of policies and security requirements must be enforced upon anyone handling _sensitive_ data. Not only secret plans of mechanical nuclear squirrels are sensitive. Credit Card data, medical history, etc. are also sensitive.

Copyright 2008, SecurityFocus