Tuesday 11 September 2012

Re: [dcphp-dev] HTTPS Hosting

On Tue 11 Sep 2012 11:27:43 AM EDT, Ray wrote:
> Thanks, Oscar. I don't think I require PCI compliance, but I have a
> lawyer on the team researching that! I do not intend to store CC
> numbers.

That's good to hear. One thing I should have also mentioned is that you
shouldn't be emailing credit card numbers around either. Not that you
said you would, but I've seen smaller organizations handle things that
way too.

In fact, one solution a consultant proposed to emailing them around,
which WOULD be PCI compliant, was to securely FAX the numbers from our
server to the person who handled credit card transactions, who would
then store them under lock and key and destroy the fax once orders were
processed.

Fun times.

--
You received this message because you are subscribed to the Google
Group: "Washington, DC PHP Developers Group" - http://www.dcphp.net
