Comment Re:well, duh... (Score 3, Informative) 157
This information alone doesnt indicate how PCI compliant this solution was. To be PCI compliant every box that stores or *transmits* card data is in scope, including any routers/switches/firewalls that data hits. Presumably you also had a source to the card number data, and that sounds like an area of particular difficulty to secure. Any application that allows card data to be captured (even if not stored) should go through PA-DSS (payment application) compliance testing.