Reply to post: Re: Luhn Check to Retrieve card details

TalkTalk downplays extent of breach damage, gives extra details

Matthew Hall

Re: Luhn Check to Retrieve card details

I think *youre* misunderstanding here. Storing the full PAN is perfectly acceptable within the PCI DSS. Storing it unprotected is not however. Protection can be provided through hashing, encryption, tokenisation, etc. Masking the middle digits essentially makes the information useless for fraud, as it is no longer cardholder data.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019