The problem with PCI compliance

Hello everyone and happy new year.

PCI compliance requires that CCs be encrypted, yet every other online store I’ve encountered STORES the ENCRYPTION KEY on the box, usually somewhere in the store’s code. What’s the point? Who does this deter?

Even if the CCs are encrypted, what’s to stop someone from just grabbing the CCs and all the payment info entered before it’s sent to the database? Does PCI compliance protect against this? No.

The problem with PCI compliance is people blindly trust that it’s good enough for their needs. Good enough to protect them from the bogeyman. It’s not.

That’s my 2 cents on that.

What I’m working on:
Finishing Brutus 2 – Electric Boogaloo
Finishing a web services fuzzer
Finishing cracking a .NET managed assembly for a copy protection scheme used by a well-known company (will definitely make a blog post out of it)
Finding things to do to keep my sanity.

Check back soon.
