Questions tagged [pci-compliance]

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.

Merchants and software vendors must be certified by PCI and report their compliance with the industry standard for consumer security. If any customer of an organization ever pays the organization/merchant directly using a credit card or debit card, then the PCI DSS requirements apply.

The Standard can be found on the PCI SSC's Website:
https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml

322 questions
0 votes, 1 answer

Secure transaction without PCI compliance?

I'm a freelance developer creating a site for a start-up company. Getting PCI compliant at this time is going to be tough, since the site is still in major development and the funds are quite short. The situation is this: They want to accept…
Rockster160
0 votes, 1 answer

Prevent site from being viewed in Webview (android)

An unauthorized app on the Google Play store is utilizing WebView to frame our mobile e-commerce site. Aside from branding impacts, we have concerns over security & PCI. Is there a technical solution to preventing an unauthorized source from…
Jason
0 votes, 3 answers

PCI compliant hash of a credit card number

Someone has queried me to see if they can use their customers' credit card numbers as membership numbers. So looking up the PCI requirements for storing credit card numbers, it says that a one-way hash of the credit card number is required. Page 38…
CathalMF
0 votes, 1 answer

PayPal recommended solution?

I have to implement a PayPal payments module (with both Direct Payment and Express Checkout) and I wonder what is the most up-to-date recommended solution to do this? I don't want to meet PCI compliance on my own so I've read Payflow gateway is the…
Daniel
0 votes, 0 answers

Unique Credit Card processing requirement?

I am working with a client to migrate their 12-year-old ecommerce site to a more modern platform. The manner in which they process credit cards is something I don't have experience with, and either I can't seem to punch the right combination of…
Kyle
0 votes, 1 answer

PayPal recurring payments PCI compliance

My goal is to set up recurring payments through PayPal, and getting payment with a PayPal account and a credit card without account; I'm having trouble understanding the second part: what product from PayPal I have to buy/pay (payflow link, payments…
alex php
0 votes, 1 answer

Safely storing bank account information on parse?

I'm using Parse as a back end. I'd like to send money to users' bank accounts using ACH, but to do that I need access to their bank account information recurrently. So, I'd like to store the information (encrypted) on the Parse server, so that I…
cph2117
0 votes, 1 answer

Accepting but not saving bank account numbers in a web form

I'm working with a payment processing company that provides an API. One endpoint of this API requires a bank account number. I'm not a PCI compliance expert or web security expert, so I want to tread carefully in this area. What do I need to…
Jason Swett
0 votes, 1 answer

Accessing database ports that are required to be closed due to PCI Compliance on Windows Server 2008

I've got a client that is hosted on a dedicated Windows 2008 Server that we look after. They have recently failed a PCI Compliance check which is asking that we close the ports for SQL Server and MySQL (1433 and 3306). If we do this we'll lose…
0 votes, 2 answers

Amazon EC2 Cloud PCI Compliance

Is the standard Amazon EC2 Cloud server PCI-Compliant? I've just launched an instance and I'm wondering if it meets the PCI Compliance standard for merchant account holders.
0 votes, 1 answer

Apache HTTP Server mod_session_dbd Session ID Reuse Vulnerability

I have scanned my website on TrustWave for PCI Compliance and found this error: Apache HTTP Server mod_session_dbd Session ID Reuse Vulnerability. My website is running on Windows Server 2008 R2 Enterprise on Apache Server 2.4.4 (on XAMPP). Following…
vanurag
0 votes, 1 answer

How do I prevent requests using the TRACK method on Apache

I'm going through a PCI compliance checklist and need to disable HTTP TRACK and TRACE methods on Apache for one PHP website. How can this be done reliably?
Corgalore
0 votes, 1 answer

PCI Compliance/PayPal API

So after MUCH research online, I'm coming to the one place I know someone will be able to help me! We have a site that WILL accept credit card payments via PayPal's Classic API. More specifically, we'll be accepting credit cards for recurring…
Dan
0 votes, 2 answers

Is this a safe way to store credit cards?

Basically I'm working on a site where it will process credit cards. But when a transaction/charge is placed I would like to store information about the credit card in a database. Right now, I've been thinking of storing the first 4 and last 4…
Chris Maher
0 votes, 1 answer

PCI compliance on a SOAP webservice

I have a SOAP webservice providing/carrying information between a partner and supplier. Basically, WS is a connector as a hub between these two. It carries and converts the data between partner and supplier. It receives an order request from partner…
Emil