NuTSR Financial Data Breach
<blockquote data-quote="Michael Linke" data-source="post: 8767950" data-attributes="member: 6873682"><p>I’ve seen off the shelf (open source) e-commerce platforms store credit card numbers, albeit in an encrypted state. We implemented changes to one so that we could use it without storing those numbers for PCI reasons.</p><p></p><p>It’s possible his software stores these numbers as encrypted values, and he exported them as unencrypted plain text for some reason. It’s also possible he harvested these numbers in person from people who paid by card at one of his businesses.</p><p></p><p>It wasn’t always the case that PCI didn’t permit businesses to store credit card numbers. Older versions of the PCI-DSS standard allowed encrypted storage. He may just be using an ecommerce platform that was compliant at the time it was implemented.</p><p></p><p>Elsewhere, I commented out of a vivid memory of IMPLEMENTING PCI compliance at an already established business, but digging more, I think the issue there is that we were already compliant, but were implementing changes to adapt to a newer version of the standard, particularly the change from stored-encrypted to not-stored-at-all.</p><p></p><p>In digging through older PCI documentation, I even found stuff suggesting that smaller businesses, at least at one point, had less strict requirements. It’s possible LaNasa has these CC details while to the best of his understanding being minimally compliant with whatever version of PCI-DSS was relevant to him at the time he set up his electronic payments platform. It’s also just as possible the rules got more strict since then, and his business was small enough that he flew under the radar regarding compliance audits and external data breaches.</p><p></p><p>In any case, SHARING those details was still unambiguously wrong.</p></blockquote><p></p>