Reply to post: Stored data

Marriott: Good news. Hackers only took 383 million booking records ... and 5.3m unencrypted passport numbers

tiggity Silver badge

Stored data

Were their procedures properly vetted for PCI DSS compliance?

It is heavily recommended you use a token-based method, so you do not need to store card details (with the onus on the specialist CC token companies to securely store card details).

If you do decide to store them yourself then you really should have been getting your systems checked (and periodically, not just once back in the day, as what seemed a secure system 5 years ago could well be essentially useless now based on new exploits) - PCI DSS compliance (if you are silly enough to store CC data yourself) includes a requirement for periodic security tests, e.g. pen tests etc.
