PCI – Retailers and the Storage of Credit Card Information
The following is well worth a read if you are involved with PCI compliance within your organisation. Thanks to our PCI specialist, Fatemah Beydoun for the heads up and links.
The National Retail Federation recently sent a letter of concern to the PCI Security Standards Council discussing the storage of credit card information. This has drawn a lot of discussion across PCI related and other IT security sites. Some good points and interesting debate:
http://pcianswers.com/2007/10/11/retailers-do-not-need-to-store-credit-card-data/
http://www.schneier.com/blog/archives/2007/10/merchants_not_s.html
October 23rd, 2007 at 3:11 pm
If you read a little closer, you’ll notice the NRF letter was signed by the senior VP and CIO David Hogan. Interesting someone with a more tech focus than, say the CEO, should put their hand up to write such a piece.