Best ways to mitigate sensitive data loss if the data needs to be taken out for a business event
Posted on 2016-11-10
We have a need to take out a list of customers' names, credit card # & PII (Personally Identifiable Info)
to a Lucky Draw event to validate the identity of customers who won the lucky draw when the customers
come forward to claim their prizes. We can't cancel such an event nor post the reward to them.
However, this is against PCI-DSS (for which we're certified). So what are the best ways to take out these
sensitive data to the event?
a) for sure, printing them out on hardcopy papers is not safe in case the papers got lost so this
should be disallowed
b) save these data on a secure laptop (where the HDD is encrypted, Wifi & USB port disabled)
& validate by viewing against the info on the screen: is this alone good enough? I think it
helps: in the event the laptop gets lost/stolen during the event, the encrypted HDD will mitigate
c) have IT security staff escort the laptop during the event? Is this needed?
Any other better options?
I thought of bringing a laptop that could VPN into the backend secure server to view the data
remotely but this is a bit too late to prepare for at this time but is this more secure than option