Ask HN: PCI Violation by client storing 'cardholder data'
I was recently contacted to fix the admin portion of a website that was not loading properly. Upon fixing the issue, I found that the website is storing credit card information (number, expiration, CCV and customer info) in their database and even displaying it in plain text to the admin for processing offline.
I've informed the client that this needs to be fixed as soon as possible and that it is a violation. From what I saw they have at least 4000+ entries of cardholder data.
What, if anything, should I do?