Ask HN: Should I report my main competitor for PCI Violations?
118 points by altron on Jan 1, 2015 | 126 comments
It has recently come to my attention that my largest competitor (B2B SaaS in a niche market) has blatantly disregarded all PCI regulations for close to a decade.
He uses a multi-tenant database, stores CC numbers in plain-text (full 16 digits, CVV and Expiration Date), and shows that data to the user, in plain-text, at the time of payment.
I discovered this in the process of helping a new customer export their data from the old system.
I've spent days debating the ethics of reporting or making this public. On the one hand, I'd be putting him out of business (and I'm well poised to scoop up those new prospects). On the other hand, he's putting people's finances at risk and I feel obligated to say something that the public may not be able to discern.
Any advice would be greatly appreciated.