Festivus
First Post
Michael Morris said: This is very bad news for RPGNow. If Visa/Mastercard gets wind of this they'll be revoking RPGNow's merchant id number until he coughs up a fine that will be in the thousands of dollars. They take this crap seriously these days, anyone who stores credit card numbers on their site in any form is liable for ALL FRAUDULENT CHARGES on the card if their database can be proved to have been compromised.
I thought I read somewhere in the PCI 1.1 compliance documentation that it's actually something along the lines of $50,000.00 for the first incident, and they revoke your merchant ID on the second one. There is a logo program for PCI compliance that you should be looking for... I just have never seen one, but it shows that the merchant complies with a strict data security practice that is externally audited by a third party. Compliance with PCI 1.1 is expensive, which is why I bet you will eventually see many smaller online retailers go out of business or turn to a third party company that specializes in credit card transactions (like PayPal) for all their payment needs.
You can read about PCI here.