PCI requires that CC#'s are stored encrypted in the database. A service this big... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		loire280 on April 26, 2011 \| parent \| context \| favorite \| on: Sony: All personal data stolen from PSN PCI requires that CC#'s are stored encrypted in the database. A service this big has had a full PCI compliance overview, and they wouldn't miss a basic requirement like that (I hope).

dspillett on April 27, 2011 [–]

But if the keys are also stored somewhere where the hackers managed to gain access, they may be able to make use of the information.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact