[LINK] Adobe

Scott Howard scott at doc.net.au
Sat Oct 5 01:32:30 AEST 2013


On Fri, Oct 4, 2013 at 5:36 AM, Brendan <brendansweb at optusnet.com.au> wrote:

> > At this time, we do not believe the attackers removed decrypted credit or
> > debit card numbers from our systems.
>
> For what reason do companies retain card numbers?
>

Adobe do a number of subscription-based services.

They likely also do the "remember my card" style thing for general website
purchases too.

Per PCI requirements, the number stored will not include the CVV2 code, so
even if they were able to be decrypted their use would be limited, however
some sites (Amazon being the most visible) still don't enforce use of
CVV2...

  Scott



More information about the Link mailing list