Trent and I have discussed this with a stewardess, yes it is stored into the little hand held machine, and then they dock it into the plane. When it docks, it transfers the cc# to a storage unit on the plane. When the plane lands, part of their procedures is to then charge those CC#s. She did not know about the state of the data (encrypted/etc).
Not that we have ever done this, but one can imagine replacing the mag stripe data on a valid credit card with random fail data, and ordering the whole plane a round on "us". On Tue, Jan 24, 2012 at 6:42 AM, Scott Rosenthal < [email protected]> wrote: > Hi Robin, here in the states many if not all of the airlines are required > to be PCI compliant. That being said those devices should be considered in > scope by the company that is performing their assessment. If they are truly > PCI compliant, all of the credit card numbers stored on those devices > should be encrypted. I hope that helps. > > Scott > > On Mon, Jan 23, 2012 at 10:13 PM, Robin Wood <[email protected]> wrote: > >> I've been on quite a few planes where the duty free and the bar allow >> people to pay by credit card. I'd guess the data is stored and >> downloaded to be processed at the end of each flight, if so, that is a >> great target for card thieves. I wonder how many are actually properly >> protected? >> >> Robin >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
