Hi,
I'm technically esponsible for a web application used daily by several customers for online payments.
I inherited the codebase of the application and I discovered recently that all credit cards information included CCV are stored in the db. The data are encrypted, but the overall security of the system is low.
I notified the issue and the risks to management but I've been forced to stick with this solution.
Since I'm the "technical responsible" of the platform, I'd like to know if I could be liable for this situation in case of a security breach.
Thank you
Antoni
12-11-2013 02:44 AM
If I was in your shoes, I'd have two choices in my head.
1) Talk to someone in hopes to get it resolved.
2) Leave.
12-11-2013 04:02 PM
document everything in writing.
12-11-2013 04:35 PM