Questions tagged [pci-compliance]

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.

Merchants and software vendors must be certified by PCI and report their compliance with the industry standard for consumer security. If any customer of an organization ever pays the organization/merchant directly using a credit card or debit card, then the PCI DSS requirements apply.

The Standard can be found on the PCI SSC's Website:
https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml

322 questions
0 votes, 1 answer

Storing a SHA256 of first and last name along with 4 last digits of credit card number

I'm trying to find the best way to uniquely identify customers before they make a purchase to ensure a coupon code isn't used twice by the same person. I do not intend to make my website fully PCI compliant since I'm not planning on storing Credit…
Loic Duros
0 votes, 2 answers

Amazon Cloud Computing: The Theory behind Securing This Instance

Explain It To Me Like I'm Five, lol. As a web developer I only worked with the traditional web setup: I have a Java application, I deploy it to a server somewhere, and connect to/test it with a web browser. If sensitive information needs to be sent…
IcedDante
0 votes, 2 answers

SagePay's Direct Integration Or CyberSource's SOAP API Method!! Should I be PCI compliant?

I am currently integrating a payment gateway into our merchant page. We are expecting about 100000 to 0.5mil transactions per month on our website. We have an SSL certificate on our payment pages. Both SagePay and CyberSource equivalent for maximum payment…
Karthik
0 votes, 1 answer

PHP site with .NET ValidateRequest errors

I have a PHP site that fails PCI compliance, and the only error I am getting is "Microsoft ASP.NET ValidateRequest Filters Bypass Cross-Site Scripting Vulnerability". This is a PHP site on IIS. What can I do to make this site pass the PCI…
MZaragoza
0 votes, 2 answers

PCI - Card Data Transmission

I understand that PCI compliance affects storage of card details, but does it also affect transmission? E.g. if I simply want to collect a card number and transmit it over https, does this require PCI compliance steps to be taken?
AJM
0 votes, 1 answer

ClickOnce verbose - PCI compliance logging

Is verbose ClickOnce logging considered compliant with PCI DSS 2.0 Requirement 10.2.7, at least as far as its content (Requirement 10.3) goes? (10.2) Implement automated audit trails for all system components to reconstruct the following …
Jirka Hanika
0 votes, 1 answer

PCI-DSS Policies and Procedures

I have bought a PCI Compliant Security Policies and Procedures document from pcipolicy. Their written policies are OK. However, the document does not help me with procedures. They just give the same suggestions with the…
Barny
0 votes, 2 answers

Advice for handling credit card data

I am currently building a website for a small business that requires a payment gateway (we will probably use Authorize.Net). The problem is, on many orders, there are special needs for calculating shipping and handling costs. This requires us to…
user1148809
0 votes, 1 answer

Internal Vulnerability Scan Report

How do I write an Internal Vulnerability Scan Report for my project? Do I have to use a tool to generate this report? I have searched on the web related to this but I have been unable to understand it.
DDD
0 votes, 3 answers

Verbose reports need to be turned off for PCI compliance

We were informed by the PCI compliance team that we failed because "verbose reports" are on. I have never heard of this before. We have an IIS6 server. We are not running Crystal Reports or anything of the sort. I can't find any item in IIS6 called…
done_merson
0 votes, 1 answer

Out of box PCI Compliant solutions for user authentication and logging in ASP.net MVC

We have an admin website which is essentially a user interface for our clients to look at their customer transactions and reports. This is developed on ASP.NET MVC3 using Telerik MVC controls. The main crux of our product is the web services. We are…
sdd
0 votes, 1 answer

Dangerous Request.Path value was detected from the client (?) with PCI compliance

I am getting this error: "A potentially dangerous Request.Path value was detected from the client (?)". I know that putting requestPathInvalidCharacters="" in the web config will allow me to do this, but this is not PCI compliant and it is simply…
Wesley Skeen
-1 votes, 1 answer

Need resources and suggestions on how payments work (authorization, settlement, clearing) from a cryptographic perspective

I am trying to understand how transactions, credit cards (magstripes, chips, ..), e-commerce,.. work from a cryptographic perspective. What kind of algorithms are used, how to ensure Confidentiality, Integrity, authentication, ... Thank you in…
Endre
-1 votes, 1 answer

How to create an application that can be downloaded by customer in order to not use my server to transfer data

This is a different question but what I am trying to do is avoid PCI compliance on my end and transfer that issue over to the customer. This will deal with the transfer of credit card numbers. I am wondering how you can create an application like a…
-1 votes, 1 answer

Collecting card data PCI level

We want to integrate a third-party payment service. Their API expects the PAN and expiration date, and we need to determine what PCI level we need. We just collect this data on the client and send it to our server, which will send the data to…
jahoza