On 02/08/2014 07:15 AM, Eero Volotinen wrote:
Also, he stores credit card information on his workstations and server. (PCI would freak out.)

http://www.merchantuniversity.org/101-education/security-pci-101/pci-compliance-fines.aspx

Please report this client to VISA.

--
Eero

Hi Eero,

You could always do it for me. Tell them everyone, except one or two in the entire state of Nevada, has blown off PCI. It is the law in Nevada too. First state to pass it.

I only have one client that follows the PCI paper chase. The rest, when they get a hold of all the hoops, simply pencil whip it. It is less costly to risk a possible breach and go into bankruptcy than jump through all the impossible hoops, which are so designed that they never will be able to pass an audit anyway. So why jump through the hoops?

Keep in mind that the largest exploit is the human factor (human engineering viruses). There is only one question on the PCI questionnaire about it (employee education). There are hundreds of questions/hoops that will be of very, very little help (but lots of expense). Not all of them, fortunately. PCI is all about shifting liability to the merchant.

Now when I said "stores credit card data on their computers", don't be confused. They are indeed talking about the eventual destination, but they are also talking about every step in the path getting there. So, if you enter a credit card using a keyboard, a card swiper (also a keyboard), a scanner, etc., the number is stored in memory in the operating system well before it gets to its eventual destination. As these locations in memory are known locations and can be harvested with a memory scrubber (the Target exploit) and/or a keystroke logger, you "are" indeed storing them on your computer.

Funny, on the link you sent, they kept mixing up "breached" and "breeched". "Breeched" is your rear end. (Not that "I" ever misspell anything! Hey! I went to publik skool.)

-T

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~