PCI DSS compliance
mike at mdsresource.net
Wed Nov 9 16:08:56 CET 2016
During our current annual PCI DSS audit, our auditor complains that a human
being can access the company's private key and, thus, a human being can
decrypt sales files containing credit card information.
All production processes are fully automated and run as non-privileged user.
We use GPG encryption for all file exchanges between this company and
banks, and between vendors/clients and this company. The latter is the
What can be done about this?
Please, advise. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnupg-users