Re: Basic Good Manners
Any organisation dealing with credit cards has to be PCI compliant.
Or rather, every organisation that deals with credit cards IS PCI compliant right up until they realise that someone else now has your CC number. It's a nice idea but I've never seen an audit that actually looked in close enough to spot every single possible security hole, and it only takes one.
This was a pretty stupid one though, and taking over a year to fix it is terrible.