[Pauldotcom] CC numbers stored on planes
Robin Wood
robin at digininja.org
Tue Jan 24 13:00:31 UTC 2012
On Jan 24, 2012 6:51 AM, "Scott Rosenthal" <scott.r.rosenthal at gmail.com>
wrote:
>
> Hi Robin, here in the states many if not all of the airlines are required
to be PCI compliant. That being said those devices should be considered in
scope by the company that is performing their assessment. If they are truly
PCI compliant, all of the credit card numbers stored on those devices
should be encrypted. I hope that helps.
Unfortunately I've tested companies who have been compliant for years yet
I've still found cleartext card data when I've been doing my test. There
are also companies regularly hitting the press after getting hacked and
finding they weren't encrypting there data.
Its not that I don't trust pci more the ability of some auditors and the
ability of companies to really know what is in scope.
Robin
> Scott
>
> On Mon, Jan 23, 2012 at 10:13 PM, Robin Wood <robin at digininja.org> wrote:
>>
>> I've been on quite a few planes where the duty free and the bar allow
>> people to pay by credit card. I'd guess the data is stored and
>> downloaded to be processed at the end of each flight, if so, that is a
>> great target for card thieves. I wonder how many are actually properly
>> protected?
>>
>> Robin
>> _______________________________________________
>> Pauldotcom mailing list
>> Pauldotcom at mail.pauldotcom.com
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
>
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20120124/ad700821/attachment.htm>
More information about the Pauldotcom
mailing list