A fairly basic question...
Why do all these businesses store credit card details? Small businesses have a system where they let a payment provider take the details and just say yes/no. Or even if the details are gathered locally, why do they need to be stored on a customer record once the details have been transmitted to the bank and the payment authorised?
That would expose far fewer bits of critical data. Before now I've refused to develop an online shop for a customer who wanted to store CC details!
And lets face it, if they crack the bank, Worldpay or Paypal you're stuffed anyway. Getting your CC details will be the least of the problems.
Biting the hand that feeds IT
