[LINK] Adobe
Scott Howard
scott at doc.net.au
Sat Oct 5 01:32:30 AEST 2013
On Fri, Oct 4, 2013 at 5:36 AM, Brendan <brendansweb at optusnet.com.au> wrote:
> > At this time, we do not believe the attackers removed decrypted credit or
> > debit card numbers from our systems.
>
> For what reason do companies retain card numbers?
>
Adobe do a number of subscription-based services.
They likely also do the "remember my card" style thing for general website
purchases too.
Per PCI requirements, the number stored will not include the CVV2 code, so
even if they were able to be decrypted their use would be limited, however
some sites (Amazon being the most visible) still don't enforce use of
CVV2...
Scott
More information about the Link
mailing list