Re: Email blocking inbound credit card numbers -- PCTECH

If you're a merchant, service provider, or other processor in the PCI chain
and you take CCs via email then your entire email system may be considered
in-scope by your PCI assessor and the full DSS applies. Which means
encryption everywhere, physical access reviews, etc. Generally, even if you
use Office365, G Suite, or some other hosted solution, this is non-trivial
and non-cheap.

Also, rejecting CCs sent via email might, just might, slowly train a few
people to think before they send sensitive information via insecure
channels.

Downside is that a lot of numbers can match the Luhn check so false
positive rate can be high unless the logic looks for other things.

(I own the PCI compliance program for a Level 1 service provider)

On Wed, Apr 17, 2019 at 10:41 AM Jim Oberholtzer <
midrangel@xxxxxxxxxxxxxxxxx> wrote:

I would not want the liability of getting onto my system in the first
place....

--
Jim Oberholtzer
Agile Technology Architects

-----Original Message-----
From: PcTech <pctech-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of David Gibbs
via PcTech
Sent: Wednesday, April 17, 2019 10:39 AM
To: pctech@xxxxxxxxxxxxxxxxxx
Cc: David Gibbs <david@xxxxxxxxxxxx>
Subject: [PCTECH] Email blocking inbound credit card numbers

I've noticed something kind of interesting on the mailing lists recently.

Some mail servers are blocking inbound email that appear to contain credit
card numbers.

I can understand restrictions on filtering outbound mail that might contain
credit card numbers. While it's obviously not a good idea to send a credit
card number in email, why would a company block mail that does contain one?

david

--
IBM i on Power Systems: For when you can't afford to be out of business!

I'm riding 615 miles (Yes, you read that right) in the American Diabetes
Association's Tour de Cure to raise money for diabetes research, education,
advocacy, and awareness. You can make a tax-deductible donation to my ride
by visiting https://mideml.diabetessucks.net.

You can see where my donations come from by visiting my interactive
donation
map ... https://mideml.diabetessucks.net/map (it's a geeky thing).

I may have diabetes, but diabetes doesn't have me!
--
This is the PC Technical Discussion for IBM i (AS/400 and iSeries) Users
(PcTech) mailing list To post a message email: PcTech@xxxxxxxxxxxxxxxxxx
To
subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/pctech
or email: PcTech-request@xxxxxxxxxxxxxxxxxx Before posting, please take a
moment to review the archives at https://archive.midrange.com/pctech.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com

--
This is the PC Technical Discussion for IBM i (AS/400 and iSeries) Users
(PcTech) mailing list
To post a message email: PcTech@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/pctech
or email: PcTech-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/pctech.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com