by qwename 3494 days ago
One could say that non-cash (debit/credit) transactions are recorded by the devices that enable them, and thus recorded and tied to an identity. The information could then be used by matching your card number when you use it online or elsewhere.

This is at least complicated somewhat by PCI compliance. Are you allowed to store irrecoverable hashes of card numbers?
Yes, you can store tokens representing a credit card number (whether an HMAC, database identifier, etc.) outside of PCI scope. https://www.pcicomplianceguide.org/how-you-can-use-tokenizat...
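The HMAC option mentioned in the comment above, as an added example that is not code from this thread: a keyed HMAC-SHA256 token is stable for a given card, so records can be matched on the token without keeping the number itself. The key, function names and sample transactions are constructed for illustration; the card numbers are the widely published test numbers.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed demo key (assumption): a real key would be held in a KMS or HSM.
DEMO_KEY = b"constructed-demo-key-not-for-production"

def normalize_pan(raw: str) -> str:
    """Drop spaces and dashes so formatting does not change the token."""
    digits = raw.replace(" ", "").replace("-", "")
    if not digits.isdigit() or not 12 <= len(digits) <= 19:
        raise ValueError("not a card number")
    return digits

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def tokenize(raw_pan: str, key: bytes = DEMO_KEY) -> str:
    """Return a hex token; without the key it cannot be recomputed from a card number."""
    pan = normalize_pan(raw_pan)
    if not luhn_ok(pan):
        raise ValueError("failed Luhn check")
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()

def group_by_token(transactions, key: bytes = DEMO_KEY) -> dict:
    """Group purchase descriptions by card token; no card number is stored."""
    groups = defaultdict(list)
    for raw_pan, item in transactions:
        groups[tokenize(raw_pan, key)].append(item)
    return dict(groups)

# Constructed sample transactions: the first two are the same card, typed differently.
SAMPLE = [
    ("4111 1111 1111 1111", "store: diapers"),
    ("4111-1111-1111-1111", "online: vitamins"),
    ("5555555555554444", "store: coffee"),
]

if __name__ == "__main__":
    for token, items in group_by_token(SAMPLE).items():
        print(token[:12], items)
```

Rotating the key changes every token, so stored tokens have to be recomputed or versioned when the key changes.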
I am not familiar with the PCI compliance stuff, but I found this after a quick search: "How Companies Learn Your Secrets" http://www.nytimes.com/2012/02/19/magazine/shopping-habits.h...
You don't need the card number; the name + zip (+ store location) is enough to correlate enough of the time.