You need to make your superiors aware of the PCI Compliance regulations. You're not actually breaking the law, but you may be breaking your contract with your merchant provider. I read all 80+ pages or so of my merchant account contract. Someone at your company should do the same to make sure that your development practices are in compliance.
--- In flexcoders@yahoogroups.com, Laurence MacNeill <lmacne...@...> wrote:
>
> At 09:35 AM 2/11/2010, you wrote:
> >
> >As far as I am aware you aren't allowed to store credit card numbers
> >yourself without a weekly security audit from the card issuer...
>
> Do what?! I've never heard of this... If that's the case, then the
> company I work for has been breaking the law for YEARS! We store CC
> data (encrypted, of course) in our current database so that if a
> customer changes their mind, we don't have to reacquire the CC info
> from them to charge (or refund) their account.
>
> In the Flex app that I'm writing, the plan is to continue to do the
> same thing...
>
> And how would the CC issuers (dozens of 'em? Hundreds?) all have the
> time to audit every company that uses CC info for any purpose
> whatsoever? Doesn't sound possible to me.
>
> Laurence MacNeill
> Mableton, Georgia, USA