PCI Gotchas: 12-Year-Old Data And Publishing Encryption Keys
Written by Evan SchumanNovember 19th, 2008
Along the road to PCI compliance, many retailers get off on the wrong exit ramp. One consultant argued that IT far too often leaves the financial folk—the comptroller, in particular—out of the decision process, along with the payment processor. Those are two players who you really want to keep involved. Another complained of retailers who use tokenization and then printed the token on receipts without realizing they were publishing part of their encryption key to the world. Then there are the distant expiration dates from the card brands.
This Story Is Only Available For Premium Subscribers. Click Or Login In Below To Read The Rest Of This Story.
Already a Subscriber? Login Here
Leave a Reply
Readers, specifically those who want to comment on a story:
Our Comment SPAM system is getting very aggressive these days and has been blocking legitimate comments. If you post a comment and don't see it appear within 2 hours or so, can you please send a heads-up to customer-service@storefrontbacktalk? Ideally, please include the time you posted the comment. That will allow us to try and hunt for it. Thanks! P.S. We're working on fixing the system, but we don't want to lose any valuable comments in the meantime.
Our Comment SPAM system is getting very aggressive these days and has been blocking legitimate comments. If you post a comment and don't see it appear within 2 hours or so, can you please send a heads-up to customer-service@storefrontbacktalk? Ideally, please include the time you posted the comment. That will allow us to try and hunt for it. Thanks! P.S. We're working on fixing the system, but we don't want to lose any valuable comments in the meantime.
Is there really an improvement between a mag swipe and contactless tap if multi-factor authentication is required?
-Ed
