Hi Stig, > It is interesting though that ASB has changed its interpretation of > PCI > compliance. If you are not storing the information in any kind of > persistent format (beyond the page execution) then surely your > exposure > to the information is the same as the user's keyboard, keyboard > driver, > operating system, browser etc.
The problem is the acquirer takes the risk on the merchant's behalf, and doesn't know whether the merchant's system is storing the card details (intentionally or otherwise) or not. That's the point of PCI, to certify that the merchant's systems follow best practice and to minimise the acquirer's risk. Kind regards, James McGlinn __________________________________ CTO Eventfinder Limited Suite 106, Heards Building 2 Ruskin Street, Parnell, Auckland 1052 Phone: +649 365 2342 Mobile: +6421 633 234 [email protected] | www.eventfinder.co.nz --~--~---------~--~----~------------~-------~--~----~ NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [email protected] -~----------~----~----~----~------~----~------~--~---
