Reply to post: Re: PCI-DSS Compliance

DVLA denies driving licence processing site is a security 'car crash'

Anonymous Coward

Re: PCI-DSS Compliance

Nearly correct, it's if you handle an unmasked PAN, CVV2 etc., not just storage in the traditional sense.

Equally you can't store the CVV2 number or for that matter a copy of the tracks from the card's magnetic strip.

Equally unless you use clear network segregation other systems could well be within scope of PCI...so if they take payments by phone the web site could easily still be a PCI compliance issue.

This is not by any stretch of the imagination the DVLA's worst security issue in recent times involving piss poor web site security.

Perhaps El Reg may want to submit an FOI request...the response would evidence the quality of the DVLA's incident tracking process if nothing else.

Biting the hand that feeds IT © 1998–2019