J_Fyrebird

Manually processing CC - Split Credit Card E-Mail Address not working

Relationship between PCI DSS and PA-DSS

Clarified that use of a PA-DSS compliant application alone does not make an entity PCI DSS compliant.

 

When it comes to protecting yourself/your business from liabilities do not take the word of internet keyboard warriors at face value. (especially when they are interpreted to favor their own practices)

 

Contact your own merchant account provider and get clarification on any issues/questions. (If you are "afraid" to mention your current practices to your merchant account provider then that itself should be a HUGE flashing warning sign that you are probably doing something incorrectly)

 

If you fail to do your "due diligence" and just plod on as before, one day you might get a very nasty surprise when you find out that lamenting "BUT I DID NOT KNOW THAT" or "BUT I THOUGHT IT MEANT THAT" or "MY INTERPRETATION OF THAT WAS" does not hold much weight when it comes to payment data security.


My understanding is that 3.2.2 over-rules 3.2, thus CVV should never (in any circumstance) be stored before, during, or after authorization...

 

However 1.1.2 of PA-DSS is interesting, and seems to totally contradict my understanding of it!

 

Thanks for the conversation, it's been illuminating.

 

You are most welcome ;-)

 

I can see how one would think that 3.2.2 would overrule 3.2, but I believe it's actually subject to 3.2. It's only the PA-DSS that is specific in each point that it's after authorization.

 

I've never advocated storing sensitive information beyond authorization, ever.

 

When it comes to protecting yourself/your business from liabilities do not take the word of internet keyboard warriors at face value. (especially when they are interpreted to favor their own practices)

 

Contact your own merchant account provider and get clarification on any issues/questions. (If you are "afraid" to mention your current practices to your merchant account provider then that itself should be a HUGE flashing warning sign that you are probably doing something incorrectly)

 

If you fail to do your "due diligence" and just plod on as before, one day you might get a very nasty surprise when you find out that lamenting "BUT I DID NOT KNOW THAT" or "BUT I THOUGHT IT MEANT THAT" or "MY INTERPRETATION OF THAT WAS" does not hold much weight when it comes to payment data security.

 

Quite right. One must do their own research.

 

I talked to my provider yesterday, and while I didn't make it a point blank question, I did mention it in passing, and there was no outburst of "you CAN'T do that!!!!"

 

However, I also found out that I was incorrect in my estimate of what a gateway will cost. So, personally, I will be getting one if my site passes 5 orders a month. (I had set my "trigger" at 10 per month before.) My provider didn't seem to think this was a bad thing.


You're right, no matter how hard I try to fix you, you're still stupid, Dunweb.

 

I have the PCI spec in front of me, and 3.2 in its entirety says:

 

3.2 Do not store sensitive data after authorization, even if encrypted. Sensitive data includes the data as cited in following Requirements 3.2.1 through 3.2.3

 

Now, do I need to continue, or are we all following along? Good. Note the note that says sensitive data may be stored if there is a business justification and it is stored securely?

 

Is it because you make so much money misinterpreting the standards? Or is it really just an inability to read, comprehend and understand basic English and how outlines and such work?

 

Either way, you are a profiteering blowhard.

 

As far as "Turning me in" go ahead. Good luck with that...

 

Cheers

 

Well said and thank you!!
