by falcolas 3282 days ago
OK: Slack is not currently a PCI-certified Service Provider.

I was also a bit surprised what they consider out of scope for their bug bounty program: https://hackerone.com/slack

I can't begin to fathom a use case for Slack where you would put card data in the system...

You've never met a call center.

They've sent bug reports with credit card data they've typed in during a phone call through a variety of insecure methods.

They've also written people's credit card info on sticky notes.

Trust me, the horror that is card data and a call center is scary.

How about a bug report screenshot? Lots of non-security-conscious users don't understand why this could be bad. It's your (making the assumption that "you" in this case is a Slack administrator) job to protect them from themselves.

The use case is user error. I have also seen no shortage of people accidentally pasting passwords into Slack as well.