Questions tagged [pci-compliance]

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.

Merchants and software vendors must be certified by PCI and report their compliance with the industry standard for consumer security. If any customer of an organization ever pays the organization/merchant directly using a credit card or debit card, then the PCI DSS requirements apply.

The Standard can be found on the PCI SSC's Website:
https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml

322 questions
8 votes, 5 answers

Hosting a PCI compliant app on Azure

I want to host an application on Windows Azure that stores the credit card information of users who pay to buy subscriptions for a monthly fee. I'd just have to store the card data as securely as possible (encrypt, salt, update database password…
Mark13426
7 votes, 2 answers

Is storage of the last 4 digits of a credit card and the expiry date allowed in PCI-DSS?

We need to store the last 4 digits of the credit card (in order to let customers know which card they have used) and the expiry date (to notify customers that their card is about to expire) for our subscription/recurring-payment-based SaaS application. Are…
Kiran Beladiya
7 votes, 2 answers

Disable TLSv1.0 in Azure App Service Web App

In order to maintain PCI compliance, I need to have TLS v1.0 disabled. Is there any way to do that (without paying for tech support)?
Brandon F
6 votes, 2 answers

Which SSL ciphers for PCI compliance on Amazon AWS ELB?

We're trying for PCI compliance on a load balanced EC2 instance on AWS. One issue we have to resolve is our load balancer accepts weak ciphers. However, ELB doesn't support the cipher suite, so I have to manually set each cipher one by one. Problem…
Seamus James
6 votes, 1 answer

What does it take to write a PCI compliant assembly?

I have a WPF application that we have integrated credit card processing into. We're currently having the credit info swiped/typed into a webpage in a WPF web browser to satisfy PCI compliance. Apparently this is OK because the web browser component…
xr280xr
6 votes, 1 answer

Storing SEPA (IBAN and BIC) data - requires PCI compliance?

We would like to use a banking API to do SEPA transfers from our bank account to the user's bank account. For that the user needs to enter his IBAN and BIC into the form. We take that data (SSL secured) and transfer the money using the banking REST…
S. F.
6 votes, 1 answer

Overwrite then set to null

I am working on a legacy e-commerce platform and have noticed a convention when dealing with credit card numbers. In C#: cardnumber = "11111111111111111111"; cardnumber = null; or in SQL: update cards set cardnumber = '11111111111111111111' where…
tgandrews
6 votes, 2 answers

Open Source Static Source Code Analysis Tool (Security Oriented) For Java

I am looking for an open source static source code analysis tool that can be used for security testing of an android application. I need to make sure that my application is PCI compliant. An example of a non-open source tool is Fortify. Anyone can…
Strider007
5 votes, 3 answers

How to make Google App Engine PCI Compliant?

I have read a few articles that say in order to have a PCI compliant cloud solution you need to have a private cloud environment and cannot use google app engine. Is it possible to create a PCI compliant website that specifically stores credit card…
MindWire
5 votes, 2 answers

Does all source code need to be PCI compliant?

We have never transmitted, processed or stored credit card information in the past as we did everything via PayPal so we never needed to be PCI compliant. However, we are launching a new online store and by having a seamless checkout where credit…
cappuccino
5 votes, 4 answers

Custom JSON serialization of sensitive data for PCI compliance

We have to log incoming requests and outgoing responses for our web service. This includes JSON serialization of each object so they can be stored in a database. Some information is considered sensitive (such as Social Security Numbers, credit card…
DesertFoxAZ
5 votes, 1 answer

W2012: How to turn off TLS_RSA_WITH_3DES_EDE_CBC_SHA

My PCI scans are failing on my win 2012 R2 server because of this. Here is the list of medium strength SSL ciphers supported by the remote server : Medium Strength Ciphers (> 64-bit and < 112-bit key) TLSv1 DES-CBC3-SHA Kx=RSA Au=RSA…
Austin
5 votes, 2 answers

PCI DSS and release deployment automation

One of the PCI DSS rules is: "The PCI DSS applies to all system components included in or connected to the cardholder data environment" How would you go about handling an SCM/release automation server? There has to be a port open from some server in…
Pavel Chernikov
4 votes, 2 answers

How do I secure CFID for PCI compliance?

We've been failing our PCI scans because ColdFusion has predictable CFIDs. The exact FAIL we get is "Predictable Cookie Session IDs". Now the CFTOKEN is no longer predictable since I've configured CF to use UUID for CFTOKEN, however, the CFID is…
Amir
4 votes, 3 answers

Why do FireFox and certain other browsers alter the URL in the address bar when the server responds

I'm having difficulty meeting PCI-DSS compliance this quarter because of the following problem. When you type the following into a…
James Smith