Hi Timothy Yes, it's curently VSAM and QSAM, we don't have any databases. But the PCI-S standard to which we're having to comply (see the relevant VISA web sites for more details) specifies that ANY data file stored permanently on disk must have cardholder information encrypted so, basically, any access method is affected.
Of course there are many ways in which the original problem of cardnumber theft could have been avoided right back at the original application design phases (for instance, by not using the actual card numbers in application processing, but using it instead right at the transaction acquisition stage as a look-up to some sort of 'account' number/key, which is passed throughout processing instead but means nothing to unauthorised viewers if the transaction file should fall into the wrong hands) but these sort of things are way too late now and we have to live with the sledgehammer to crack a nut policies. Brian - ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html