Then there's the data that Facebook, Google, Youtube, and others get.
Then there's the data that Facebook, Google, Youtube, and others get.
"You win 100% of the fights you avoid. If you're not there when it happens, you don't lose." - William Aprill
"I've owned a guitar for 31 years and that sure hasn't made me a musician, let alone an expert. It's made me a guy who owns a guitar."- BBI
Also...
I think that a belief that there is some kind of regulatory buffer on this kind of information is wildly naive.
1) Somewhere in the 300 page Patriot Act, I'm sure you can find some exception that makes any data, anywhere fair game.
2) Any regulation that "protects" the information can be undone. Do you really think that Amazon, VISA, Master Cards, Stamps.com and etc are gonna fight hard to not turn over their records regarding "illegal shoulder things that go up?"
3) People cheat. Parallel construction is a thing.
I was into 10mm Auto before it sold out and went mainstream, but these days I'm here for the revolver and epidemiology information.
I don't think so?
https://www.magtek.com/content/docum.../d99800004.pdf
I had to look it up. It's been years since I even thought about what was encoded on the mag stripe.
Indeed. Most people have very consistent routines. That was one of the more interesting bits to come from the iTunes unencrypted backup fiasco a decade ago. Apple was keeping a timestamp and geolocation information of every wireless hotspot your iPhone connected to, IIRC. Which made it easy to map out peoples' daily routines. You can generate similar insights from financial data, cell phone tower hits, etc.
Yeah, online vendors are inescapable. If you bought it online then every marketing company on planet Earth will know about it before UPS does.Also, it's common practice for any online vendor to email you a copy of your invoice that lists exactly what you bought.
But in person transactions aren't as... thoroughly documented yet.
Ah. Good to know.
"how": copy to public s3 bucket. Put up digital "no trespassing" sign. Clock out at 5pm and go to happy hour.I believe it's regulatory requirements, but I'm on the IT side of things so I don't care as much about the "why" so much as the "how."
...I kid. Mostly.
Is that in alignment with PCI-DSS (not relevant if you're not storing cardholder data)? PCI-DSS says to keep the data for as short a time period as necessary. 15 years feels excessive and may not be legally justifiable if there was a breach that exposed that data to unauthorized entities.
Chris
Ah, I see where our disconnect was as the Level 3 data is not tied to your mag stripe. It is data sent from the merchant to the card issuer, in exchange for a discount on the fees they pay. The more detailed data corresponds to a higher level (Level 1, 2, 3) and also higher discounts. So the merchant may not have that info, but your bank very well might. Probably more likely if you're dealing with a bigger retailer versus a local mom and pop type store.
Huh. New to me.
I don't think B2C transactions qualify, but I base that on a quick google and not first hand experience.
https://www.centurybizsolutions.net/level-3-processing/
Rando .net URL. Not sure how valid it is. Disclaimer: I have no first hand experience in the B2B or B2C payment world, just P2P. (Where I don't think I ever saw collecting that sort of data... but it also wouldn't make a lot of sense since there are no line items to speak of. Just 2 individuals with at most the equivalent of a "comment" field on a paper check.)
If the link is (still?) correct then your average merchant PoS won't qualify. I assume that includes SquareCash type setups that are increasingly common amongst your smaller businesses.