The Underscore Archives

Aaron Trevena <aaron.trevena at gmail.com> wrote :

> Which is mostly true - stealing CC details over the wire, even without
> encryption is nontrivial and very ineffective - even a petty criminal
> would target multiple cards at a time - which is easiest by "dumpster
> diving" at restaurants - all the big recent cases, like TKMaxx have
> been where a companies head office has been lax in dealing with
> records of millions records.
> 

As a result of which the payment card industry is introducing the PCI standard for companies that use CC information. The standard is compulsory and very stringent. It calls for encryption, access control and intrusion detection... and costs a lot to implement, but it's cheaper than increased fees or a fine. 

FYI, The deadline is June 30th.

cheers

Jim