
Another forum got hacked and credit card information stolen.

Safa

Corporate Services
Jan 26, 2009
Israel
Some days ago another forum got hacked, and this time it was one of the major ones. The problem wasn't the forum itself (god, they still have trouble rebuilding it); no, the trouble is that all the credit card information from their paying users was STORED on the servers.


It is against PCI regulations to store any credit card information on the server if you are not PCI compliant yourself. It doesn't matter if the hosting company is compliant; no, the company and their servers need to be PCI compliant.


So, it looks like whoever is the technical chief for webhostingtalk.com is an idiot.


The recent hack apparently revealed that iNet (the company that owns webhostingtalk.com) was storing unencrypted credit card details, including CVV codes, in their database.... which was just recently hacked... and stolen... and they didn't even know about it until the hacker told them.


The lesson?


Everyone gets hacked. That isn't the question. Yes, I feel bad for iNet being hacked. It's sucky, but really.. that's not the issue nor is it the lesson here.


The lesson...


Don't be an idiot.


1. If you must store credit card details, then encrypt them before storing them. Only an idiot would store their customers' unencrypted credit card details in a database.


2. DO NOT STORE CVV DETAILS. This is against Visa/MC regulations, and is even against the law in some countries. CVV codes may not be used for anything except the transaction of the moment. If you store the CVV code anywhere, then you are not only an idiot, but you are very likely to get banned from ever having a merchant account again.
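
An added example, not part of the original post: an audit over stored records for the two problems named above, cleartext card numbers and persisted CVV codes. The field names and sample rows are constructed for illustration, and the card numbers are public test numbers.

```python
import re

# Field names suggesting a card verification value is persisted (assumed naming).
CVV_FIELD = re.compile(r"(^|_)(cvv2?|cvc2?|csc|security_code)($|_)", re.I)
# 13 to 19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample rows; the card numbers are public test numbers.
SAMPLE_ROWS = [
    {"user": "alice", "card_number": "4111111111111111", "card_cvv": "123"},
    {"user": "bob", "card_number": "constructed-ciphertext", "card_cvv": None},
    {"user": "carol", "notes": "paid with 5500 0000 0000 0004",
     "order_id": "1234567890123456"},
]


def luhn_ok(digits):
    """Return True when the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def audit_rows(rows):
    """Return (row_index, field, finding) for stored CVVs and cleartext PANs."""
    findings = []
    for idx, row in enumerate(rows):
        for field, value in row.items():
            if value is None:
                continue
            text = str(value)
            if CVV_FIELD.search(field) and text.strip():
                findings.append((idx, field, "cvv_stored"))
            for match in PAN_CANDIDATE.finditer(text):
                digits = re.sub(r"\D", "", match.group())
                if luhn_ok(digits):  # Luhn filters out order ids and the like
                    # Report only the last four digits, never the full number.
                    findings.append((idx, field, "cleartext_pan_****" + digits[-4:]))
    return findings


if __name__ == "__main__":
    for finding in audit_rows(SAMPLE_ROWS):
        print(finding)
```
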
 
Normally we do not allow posting URLs to other forums at all, but in this case it is okay; you have a good point here, and shame on this forum for storing the CC information and not being secured.
 
Thank you for sharing the information, nice reading, and hell, people should get their servers secured and not store any credit card information at all.
 
