Hacker News
by
ThrustVectoring
3493 days ago
This is at least complicated somewhat by PCI compliance. Are you allowed to store irrecoverable hashes of card numbers?
3 comments
mcpherrinm
3493 days ago
Yes, you can store tokens representing a credit card number (whether an HMAC, database identifier, etc.) outside of PCI scope.
https://www.pcicomplianceguide.org/how-you-can-use-tokenizat...
qwename
3493 days ago
I am not familiar with the PCI compliance stuff, but I found this after a quick search: "How Companies Learn Your Secrets"
http://www.nytimes.com/2012/02/19/magazine/shopping-habits.h...
tracker1
3493 days ago
You don't need the card number; the name + zip (+ store location) is enough to correlate enough of the time.