Not exactly. Any business that processes credit cards has to be PCI compliant. That means truncating the credit card number or encrypting it. So any company that give the DHS access to unencrypted credit card numbers no longer PCI compliant and is liable for damages in the event of a breach (which this may be).
Slashdot videos: Now with more Slashdot!
We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).