On Fri, Mar 17, 2017 at 01:42:16PM -0400, valdis.kletni...@vt.edu wrote:
> I gave up on thinking that PCI was something other than an extortion racket a
> number of years ago, when somebody reported on the major breaches of the year
> and noted that 100% of them were in full PCI compliance at the time of the 
> breach.

Although some of the largest breaches clearly were not PCI compliant,
like TJX storing all PIN/mag stripe info and credit card transactions
for years and years before.  I seem to remember something about Target's
breach being equally jaw-dropping in violation. If the largest players
can't even handle common sense...

The funniest PCI audit request I've come across is a customer who had
their PCI onsite auditor require the combination of their colo rack to be
reset to 000 at the end of every visit. Not doing so would be a violation
of their PCI security.



_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
