Hacker News
by chewyfruitloop 3849 days ago
I worked at a place ~10 years ago that had full PCI certification; you only have to be compliant if you're the one doing the processing. We had loads of 3rd party clients using one of the customer-facing applications that stored the card details and potentially the CV2 numbers in the clear. They then sent them to us to batch process a couple of times a day. If their connection crapped out, they sent them again later. I distinctly remember reprocessing card details of transactions that had happened more than 2 weeks prior. Credit card numbers are incredibly easy to generate too; the check digit routine is well known, and you can just try the other details randomly for small amounts till you hit the jackpot.

I haven't read Brian's post though because I'm getting 503 errors atm.

1 comments

You can't really "try the other details randomly for small amounts till you hit the jackpot": merchants who do that (or whose service allows others to do that) simply get kicked out of the network; pretty much every acquirer will monitor your rejection rates closely.
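Both comments above turn on two points: the Luhn check digit is public, so a number that passes it is trivial to produce, and what actually catches card testing is the acquirer watching authorization decline rates. The following is an added example (not code from either commenter) that shows both sides: a Luhn validator and check-digit completer, and a minimal decline-rate monitor run over constructed authorization attempts. The merchant names, the threshold values and the sample attempt list are assumptions made for the example; the one card number used is the widely published "4111..." Visa test PAN, not a real card.

```python
"""Luhn check digit plus a decline-rate (card-testing) monitor.

Added example for the thread above, not code from either commenter.
All sample inputs below are constructed for illustration.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple


def luhn_checksum(digits: str) -> int:
    """Luhn sum mod 10 over a digit string whose LAST digit is the check digit.

    Walking from the right, every second digit (starting with the second)
    is doubled and, if the result exceeds 9, reduced by 9.
    """
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10


def luhn_valid(pan: str) -> bool:
    """True if the PAN (spaces allowed) passes the Luhn check."""
    pan = pan.replace(" ", "")
    return pan.isdigit() and len(pan) >= 2 and luhn_checksum(pan) == 0


def luhn_complete(partial: str) -> str:
    """Append the one check digit that makes `partial` pass the Luhn check.

    Trick: append a placeholder 0, take the checksum, and the digit needed
    is (10 - checksum) % 10. This is exactly why the check digit is not a
    secret: any prefix can be completed into a Luhn-valid number.
    """
    if not partial.isdigit():
        raise ValueError("partial PAN must be digits only")
    return partial + str((10 - luhn_checksum(partial + "0")) % 10)


# ---- acquirer-side view: decline-rate monitoring ---------------------------

# Constructed authorization attempts: (merchant_id, approved).
# "shop-a" behaves like card testing (mostly declines); "shop-b" looks normal.
SAMPLE_ATTEMPTS: List[Tuple[str, bool]] = (
    [("shop-a", False)] * 18 + [("shop-a", True)] * 2
    + [("shop-b", True)] * 19 + [("shop-b", False)]
)


def decline_rates(attempts: Iterable[Tuple[str, bool]]) -> Dict[str, Tuple[int, int, float]]:
    """Per merchant: (attempts, declines, decline_rate)."""
    counts: Dict[str, List[int]] = defaultdict(lambda: [0, 0])
    for merchant, approved in attempts:
        counts[merchant][0] += 1
        if not approved:
            counts[merchant][1] += 1
    return {m: (n, d, d / n) for m, (n, d) in counts.items()}


def flag_card_testing(attempts: Iterable[Tuple[str, bool]],
                      min_attempts: int = 10,
                      max_decline_rate: float = 0.5) -> List[str]:
    """Merchants with enough volume whose decline rate exceeds the threshold.

    Thresholds are assumed values for the example; real acquirers tune them
    and also look at velocity, BIN spread and amount patterns.
    """
    rates = decline_rates(attempts)
    return sorted(m for m, (n, _d, r) in rates.items()
                  if n >= min_attempts and r > max_decline_rate)


if __name__ == "__main__":
    test_pan = "4111111111111111"  # published Visa test number
    print(test_pan, "valid:", luhn_valid(test_pan))
    print("completed:", luhn_complete(test_pan[:-1]))
    print("flagged merchants:", flag_card_testing(SAMPLE_ATTEMPTS))
```

The Luhn part makes the first commenter's point concrete: the check digit only catches typos, and `luhn_complete` turns any 15-digit prefix into a number that passes. The monitor makes the reply's point: once attempts are aggregated per merchant, a burst of declines stands out immediately, which is why randomly guessing expiry and CV2 gets a merchant cut off rather than paid.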