Y
Hacker News
new
|
ask
|
show
|
jobs
by
jtdowney
4615 days ago
It wouldn't even need to be a poorly written component. There is a good chance they would log the card number along side the transaction in their database.
1 comments
eCa
4615 days ago
Unless they are PCI compliant [1] they really (
really
) shouldn't, and would deserve any (and all) kind of hurt that's coming to them.
[1]
https://www.pcisecuritystandards.org/
link
[1] https://www.pcisecuritystandards.org/