Fallout

A note about credit cards and PCI

So in light of Bethesa accidentally leaking support tickets to a bunch of users, this is just a note I wanted to leave as a developer who actually deals with credit card data. Before everyone riots and cancels their credit cards, it is very very unlikely Bethesda leaked any credit card data that actually allows someone to use your credit card or even come close to it. You can still cancel your card if you want to super cautious, but it is not really necessary.

https://www.reddit.com/r/Fallout/comments/a3hken/dont_open_support_tickets_as_the_ticket_will_be/ https://www.reddit.com/r/Fallout/comments/a3i062/bethesda_has_doxxed_people_with_support_tickets_up/ https://www.reddit.com/r/fo76/comments/a3ga47/i_am_getting_your_support_tickets_on_my_bethesda/

In the US there is something called PCI DSS which is a set of guidelines/organization that has rules that you have to follow if you handle credit card data in anyway, shape or form.

Now, I can only assume that Bethedsa is PCI compliant and they are doing what they are suppose to be for handling credit card data since you know, they would be in way bigger trouble if they were not. Credit card numbers (and bank account numbers, etc.) are what is called "primary account numbers" or PAN. This data is 100% absolutely not allowed to be stored in plain text anywhere. If it is, it is a PCI violation and it has to be reported. You will get fined for it. The place I work at, we have log processors that scan every log on every server and all of our network traffic to make sure we are not accidentally leaking PAN anywhere.

Additionally, PAN data is usually not even kept in an encrypted form. It is usually only kept in memory as it is transitioning throw a secure encrypted network. A vendor, in this case Bethesda, has a payment processor that they work with that actually charges these accounts for money. Generally the way the flow works is that the vendor will get the PAN number from the user and give it to the payment processor right away. The payment processor will then give the vendor a "payment token" which is unique representation of that PAN and unique to that vendor (if someone got their hands on it, it is useless unless they use THAT vendors application to use it). As a result, the only data Bethesda should have stored is the expiration date of a credit card, the last 4 digits and the payment token. Nothing else.

Read:  Side note: Imagine how much of a shit show it is at Bethesda right now.

Of course I do not work at Bethesda and I cannot know this 100% for sure, but I can promise if this is not the case, Bethesda will likely be going bankrupt soon. Leaking that much credit card that is an extremely serious fine. I cannot remember exactly, but it is like $100,000 per violation or something very large.

Original link



Top-10 Best Video Games of 2018 So Far

2018 has been a stellar year for video game fans, and there's still more to come. The list for the Best Games of So Far!



Top-10 Most Anticipated Video Games of 2019

With 2018 bringing such incredible titles to gaming, it's no wonder everyone's already looking forward to 2019's offerings. All the best new games slated for a 2019 release, fans all over the world want to dive into these anticipated games!

You Might Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *