18Eyl
Do TLS interceptors that use root certificates to inspect traffic need to worry about PCI? [closed]
Many schools and workplaces require people using their internet to first install a root certificate, so that web traffic passing through their system can be decrypted and checked.
If someone makes an online purchase while connected to their institution's network, and the institution is actively decrypting and scanning internet data, and decrypts their credit card information, has the institution become a credit card processor? Is the institution thus obligated to comply with the full PCI standard?
