According to a document obtained by Wikileaks, and brought into attention by some investigative partnership organized by the same WikiLeaks, it appears that Stratfor is/ was not complying with the PCI standards of the Payment Card Industry.

Well, at some point in the past, in 2005 – 2006, only a handful of companies were PCI compliant. However, in recent years, most if not all of the customer-respectful companies became PCI compliant whereas, according to this Stratfor XML file dated November 12, 2011, Stratfor was storing CVV data of their customers’ cards, so it could re-bill them later and this violates the PCI standard, leaving me wonder why a global intelligence company would do something as stupid and careless as that.

There are obvious risks that customer data – like in this case – might get exposed and, as such, special precautionary measures should be taken.

Am I missing something?