dmoskaluk wrote:
As you all know that PCI compliance is here
Personally, this is the first I've heard of it. I'm glad to see the CC companies finally doing something about combatting identity theft, etc at its primary source.
Quote:
Although most of the information for credit card processing goes to a third party like paypal information still needs to be encrypted.
After a quick read I'm not sure it says anything of the sort:
PCI DSS Compliance Guidelines wrote:
The Payment Card Industry Data Security Standard (PCI DSS) applies to every organization that processes credit or debit card information, including merchants and third-party service providers that store, process or transmit credit card/debit card data.
As we don't capture or store any cardholder data, I don't believe PCI applies to A2B.
Quote:
Would it be possible to encrypt A2B to ensure that any customer information is encrypted?
You can use LUKS to encrypt any partition. I use it as a matter of course for all partitions on my laptop. I doubt this would satisfy your obligations, if any, under the PCI DSS though.