Re: FN-FORUM: PCI DSS Merchant Compliance -(All sites have to comply by June 30, 2005)

date posted 30th July 2005 21:11

On 30 Jul 2005 20:34:36 -0000, Andy Macnaughton-Jones [EMAIL REMOVED] wrote=
:
>=20
> Is there any problem with having PGP encrypted mails sent ?
>=20

No problem, as long as the web server is secure, credit card data
isn't stored on the file system or the database, the machine doing the
decryption is secure and preferably not connected to the internet or
on a network connected to the internet. It goes without saying that
the private keys must be secured as well.

The key principle here is of end to end security, as the saying goes a
chain is as strong as its weakest link.

--=20
Mamading Ceesay

A Letter To The Terrorists, From London
http://www.lnreview.co.uk/news/005167.php
"It's hard to panic the British. They've dealt with the Blitz, the
IRA, the Silurians, the Zarbi, the Daleks, the Cybermen..."
http://www.livejournal.com/users/coalescent/239250.html