Compliance fail on email clear text login port 25
Posted: Wed Feb 20, 2013 6:44 am
Hi we're currently failing on one PCI Compliance point, our mailserver allows cleartext login on port 25.
After speaking to Security Metrics today they say this is "flagged up" because some ecommerce systems send credit/debit card numbers this way...
We do not include payment numbers/details in any emails to our customers sent via AbleCommerce and I'm assuming that AbleCommerce does not send any card details via port 25 when processing an order...
Can anyone confirm this?
Thanks
Matt
After speaking to Security Metrics today they say this is "flagged up" because some ecommerce systems send credit/debit card numbers this way...
We do not include payment numbers/details in any emails to our customers sent via AbleCommerce and I'm assuming that AbleCommerce does not send any card details via port 25 when processing an order...
Can anyone confirm this?
Thanks
Matt