@skylar @eriner @sapphire I was the sole implementor of PCI compliance in 2005-2006 for a big nonprofit, there were a lot less rules then than when I had to do it again in 2021 lol. there were big fat loopholes in the 2005 version that I was forced to exploit to make the system technically compliant, the people that built the system before me were storing all the cvv2 codes so they could get a discount rate on charges done months later on a timer