Reply to post: Re: Luhn Check to Retrieve card details

TalkTalk downplays extent of breach damage, gives extra details

Alister Silver badge

Re: Luhn Check to Retrieve card details

believe PCI-DSS should be much more restrictive than it currently is and not allow masked details to be included in the same detail as the encrypted card number as you are basically making breaking the encryption easier.

I think you are misunderstanding.

The encryption is applied to the stored data, which is only the first 6 and last 4 digits. There (should be) no circumstance where the full card number is stored in any format.

Whether TalkTalk followed this is, of course, open for discussion.
