2 years ago

There is no reason why Blippy should have been able to expose credit card numbers to Google’s crawler. Anyone who’s handled credit card numbers knows that this type of security problem can’t happen if you’re PCI (Payment Card Industry) compliant.

Basically, it’s illegal to store credit card data unless you comply with PCI guidelines. In order to be PCI compliant, your PAN (Primary Account Number) must be encrypted and rendered unreadable, or you have to use a third party to encrypt PANs for you.

The fact that users’ PANs were displayed in plain text is worrisome and suggests that Blippy isn’t using the required strong encryption that would make them PCI compliant.

  1. caterpillarcowboy said: I wonder what Mint.com’s response would have been to a similar situation. They’ve always had an intense focus on security and brand.
  2. pegobry reblogged this from mikehudack and added:
    Blippy was always a disaster waiting to happen. That screwup may have been bad, but their brain-dead, tone-deaf response...
  3. jratlee reblogged this from mikehudack and added:
    i didn’t like blippy from the moment i heard about them and this is exactly why.
  4. mikehudack reblogged this from allang
  5. allang posted this
Hi, I'm @Allan. I founded a company called LayerVault.