Hacker Read

pjc50 · 2017-01-22 20:47:42+00:00

I'm fairly sure that violates PCI-DSS.

avip | karma 6656 | avg karma 3.68 · | 2019-02-07 08:22:19

Good writeup. There's absolutely no way this is not a PCI-DSS violation.

adontz | karma 958 | avg karma 2.75 · | 2019-04-22 14:18:01

How is that even possible? it's direct PCI DSS violation! Is not there any supervising body?

eli | karma 29331 | avg karma 3.14 · | 2010-04-23 16:32:43+00:00

That does not seem PCI compliant

orra | karma 2494 | avg karma 2.74 · | 2023-10-05 14:21:03

That sounds shockingly non-PCI compliant.

chris_wot | karma 14762 | avg karma 1.71 · | 2015-10-28 23:44:50+00:00

Good point - can't believe I didn't pick that up! That's an even more obvious violation of PCI-DSS (and even the most basic security imaginable!).

lawnchair_larry | karma 10934 | avg karma 2.88 · | 2012-12-25 20:55:02+00:00

Not unusual doesn't make it acceptable. It is still a PCI DSS violation.

jimktrains2 | karma 5467 | avg karma 1.89 · | 2019-06-28 13:42:41+00:00

That's what I thought it was saying too. That's a mess from a compliance and best-practices point of view :(

Or am I missing something and this would follow the PCI DSS?

reply

joatmon-snoo | karma 2165 | avg karma 4.08 · | 2017-04-26 01:29:13+00:00

And that bank is probably in violation of PCI DSS.

jlgreco | karma 18247 | avg karma 2.97 · | 2013-04-15 17:59:01+00:00

Wouldn't doing that be a massive PCI violation? Aren't there extensive audits for this sort of thing?

jamiesonbecker | karma 410 | avg karma 0.6 · | 2021-01-18 10:32:19

Almost certainly not PCI Compliant.

The fact that they don't mention that on main page makes me wonder if they even know what it is.

Use extreme caution.

reply

user3939382 | karma 8764 | avg karma 4.4 · | 2023-12-01 09:42:55

That has to be a PCI violation. Maybe it doesn’t have any teeth. The CC networks seem lax with their rules.

petercooper | karma 48277 | avg karma 5.12 · | 2013-10-03 22:16:32+00:00

Could this result in a huge fine or penalty, not least due to potential PCI DSS violation? Here in the EU, it'd be a big data protection issue as well.

cperciva | karma 61914 | avg karma 7.51 · | 2012-08-13 17:02:43+00:00

Not based on my understanding of PCI DSS.

iancarroll | karma 3156 | avg karma 3.15 · | 2014-07-19 22:59:52+00:00

Is this not against PCI at all?

sd6594 | karma 11 | avg karma 1.1 · | 2021-04-19 18:24:27+00:00

Rumors has that the next PCI-DSS revision will change that requirement.

codezero | karma 10212 | avg karma 2.76 · | 2015-10-28 23:17:04+00:00

I am going to sound contrarian, but I don't mean to be.

How does this violate PCI-DSS? The data itself is likely stored somewhere secure (who knows) – what's being displayed in the web app is the last four digits of the card and expiration date, this isn't where it's stored.

There is obviously a question of what the retention should be, but it's definitely the case that payment information can be transferred between companies.

The whole situation exudes a lack of trust, but it's not clear to me that PCI compliance is a problem here.

reply

trm42 | karma 455 | avg karma 2.3 · | 2016-03-01 06:25:37+00:00

Don't have any experience with PCI compliance but I assume this kind of stuff _should_ remove the most idiotic security holes.

yuhong | karma 6263 | avg karma 1.05 · | 2015-03-13 17:48:42

Yea, I hope PCI DSS clarifies this matter soon.

cperciva | karma 61914 | avg karma 7.51 · | 2011-09-29 23:08:43+00:00

You're right if you're thinking it shouldn't be.

Nonsense. That would only be true if PCI was somehow related to security. ;-)

reply