RE: Faxing and PCI DSS compliance

by Philip Cox

> For example, if you have a customer who insists on faxing
> full credit card info on their regular fax machine to a
> company that is utilizing a service that converts that fax to
> PDF and emails it to you?

Who is the "you" it emails to? What is the intent of the PDF? Does it have
the CVC2/CID/CVV2 on it?

From a compliance standpoint, there could be some very interesting problems.

Phil
--------------------------------------------
SystemExperts Corporation                
Philip C. Cox, CISSP, PCI QSA, CISM, NSA IAM/IEM

Author of Windows 2000 Security Handbook
http://www.systemexperts.com/win2k.html 

