• _ak@lemmy.world · 27 upvotes · 1 year ago

    Address, phone number, credit card and all.

    Oh wow. As someone who used to work in Fintech and who built a PCI-DSS compliant system and got it successfully certified, it would be a shame if somebody reported that company for violations that could get them to lose their PCI-DSS certification. I mean, do they just bribe their PCI-DSS auditor to overlook this, or have they just managed to hide this blatant issue so far?

    • SloppyPuppy@lemmy.world · 11 upvotes · 1 year ago

      It was about 10 years ago; I wasn't a PCI expert then as I am now. My understanding today is that the DB was probably PCI compliant. But access to it was pretty promiscuous.