PCI DSS compliance

Mike Schleif mike at mdsresource.net
Wed Nov 9 17:16:09 CET 2016

During our current annual PCI DSS audit, our auditor complains that a human
being can access the company's private key and, thus, a human being can
decrypt sales files containing credit card information.

All production processes are fully automated and run as non-privileged user.

We use GPG encryption for all file exchanges between this company and
banks, and between vendors/clients and this company. The latter is the

What can be done about this?

Please, advise. Thank you.

~ Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20161109/166abfca/attachment.html>

More information about the Gnupg-users mailing list