Before anyone bashes MS or anyone else Cardsystems voilated Visa/MC rules under their card holder security programs. They kept data on cardholders that thyey weren't allowed to keep or even see !
"Before anyone bashes MS or anyone else Cardsystems voilated Visa/MC rules under their card holder security programs."
Besides penetration testing, the consultancy I work for is also on the various credit card issuers list of vendors who can perform regular security testing for their periodic compliance certifications.
We have yet to have one merchant pass the first time, and most fail the 2nd 3rd and 4th time, too.
Here is a good rule of thumb: If it's something you don't want anyone else to ever know, make sure it's not stored in electronic format anywhere ever. period.