Reply to post:

TalkTalk attack: 'No legal obligation to encrypt customer bank details', says chief

Mark Talbot

As far as i was aware you were not allowed to handle any banking transactions without being pcidss compliant and whilst quite loose that does state that at rest data must be strong encrypted and that the keys mustn't be known to anybody with access to the source to decode it. So this sounds like the usual clueless executive who doesn't actually understand the regulations that their supposed to implement.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021