Say a website with SSL accepts credit card payments, the middle 8 digits of the card number are emailed to the merchant, and the first and last four digits are stored in the database with the customer's order. The merchant then enters the card details as a MOTO transaction in a terminal, then deletes the email and the reference to the rest of the card number from the database. Is this PCI compliant?

To answer your question, anything is PCI DSS compliant as long as it’s properly documented, approved and enforced.

However, for the majority of places, I don't believe the method you've described would be approved, as you're giving staff access to an unmasked PAN.

Although you're only storing the masked number in the database, by emailing the rest of the digits you're still storing them, just separately.

Best off talking to your bank though.