Questions tagged [pci-compliance]

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.

Merchants must validate their compliance with the standard and report it to their acquiring bank (or the card brands), either through a Self-Assessment Questionnaire or, above certain transaction volumes, an on-site assessment by a Qualified Security Assessor; payment software vendors validate their products under the PCI SSC's separate program for payment applications (historically PA-DSS). If any customer of an organization ever pays that organization directly with a credit or debit card, the PCI DSS requirements apply, even when a third-party gateway handles the card data: outsourcing reduces the scope that has to be assessed, it does not remove the obligation.

The Standard can be found on the PCI SSC's Website:
https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml

322 questions
-1 votes, 1 answer

Disabling TLS 1.0 to be PCI compliant

I was examining my httpd.conf file and in the old server, I had this and I was PCI compliant: SSLProtocol -All +TLSv1.2 In the new server, I have this and I just received a scan compliance notification informing that I am not PCI…
Jaime Montoya
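The directive quoted above, `SSLProtocol -All +TLSv1.2`, passes a scan because it leaves only TLS 1.2 enabled; what usually trips a rebuilt server is a directive that still admits TLS 1.0 (and, with most scanning vendors, TLS 1.1), which PCI DSS required merchants to retire along with SSL by 30 June 2018. The Python below is an added example, not code from the question or any answer to it: it parses `SSLProtocol` lines with the rules the mod_ssl documentation gives (a `+` prefix adds a protocol, `-` removes it, a bare token replaces the whole set, `all` expands to every protocol the build supports) and reports which enabled protocols a scan would flag. Whether `all` includes SSLv3 depends on how OpenSSL was built, so that is a parameter, and the httpd.conf fragment is constructed for the example.

```python
"""Check Apache mod_ssl SSLProtocol directives for SSL / early-TLS exposure.

Added example, not code from the original post.  Parsing rules are those
documented for mod_ssl (assumed here, not verified against a live httpd):
  * tokens are case-insensitive;
  * '+' adds a protocol to the enabled set, '-' removes it;
  * a token with no prefix REPLACES the set (a classic misconfiguration);
  * 'all' expands to every protocol the build supports.  Whether that
    includes SSLv3 depends on how OpenSSL was built, so it is a parameter.
"""
import re

PROTOCOLS = {"sslv3": "SSLv3", "tlsv1": "TLSv1", "tlsv1.1": "TLSv1.1",
             "tlsv1.2": "TLSv1.2", "tlsv1.3": "TLSv1.3"}
# SSL and early TLS had to be retired for PCI DSS by 30 June 2018; only
# these versions are acceptable to an ASV scan.
ACCEPTABLE = {"TLSv1.2", "TLSv1.3"}


def parse_sslprotocol(directive, all_includes_sslv3=True):
    """Return the set of protocol names enabled by one SSLProtocol line."""
    tokens = directive.split()
    if not tokens or tokens[0].lower() != "sslprotocol":
        raise ValueError(f"not an SSLProtocol directive: {directive!r}")
    everything = set(PROTOCOLS.values())
    if not all_includes_sslv3:
        everything.discard("SSLv3")
    enabled = set()
    for tok in tokens[1:]:
        action = "="
        if tok[:1] in ("+", "-"):
            action, tok = tok[0], tok[1:]
        key = tok.lower()
        if key == "all":
            this = set(everything)
        elif key in PROTOCOLS:
            this = {PROTOCOLS[key]}
        else:
            raise ValueError(f"unknown protocol token {tok!r}")
        if action == "+":
            enabled |= this
        elif action == "-":
            enabled -= this
        else:
            enabled = this  # bare token: overrides whatever came before
    return enabled


def early_tls_findings(directive, **kwargs):
    """Enabled protocols that a PCI ASV scan would flag, sorted."""
    return sorted(p for p in parse_sslprotocol(directive, **kwargs)
                  if p not in ACCEPTABLE)


def scan_config(text, **kwargs):
    """Map every SSLProtocol line in an httpd.conf fragment (comments
    stripped) to the list of protocols that would fail the scan."""
    findings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if re.match(r"(?i)sslprotocol\b", line):
            findings[line] = early_tls_findings(line, **kwargs)
    return findings


# Constructed httpd.conf fragment: the directive the post says passed,
# plus two common variants that still leave TLS 1.0 or 1.1 reachable.
SAMPLE_CONF = """
<VirtualHost *:443>
    SSLEngine on
    SSLProtocol -All +TLSv1.2          # only TLS 1.2: passes
</VirtualHost>
<VirtualHost *:8443>
    SSLProtocol all -SSLv3             # the Apache 2.4 default: TLS 1.0/1.1 still on
</VirtualHost>
<VirtualHost *:9443>
    SSLProtocol TLSv1.2 TLSv1.1        # no +/- prefixes: the last token wins
</VirtualHost>
"""

if __name__ == "__main__":
    for directive, flagged in scan_config(SAMPLE_CONF).items():
        verdict = "OK" if not flagged else "FAIL, enables " + ", ".join(flagged)
        print(f"{directive:<30} {verdict}")
```

The third sample is the case worth remembering: without `+`/`-` prefixes each token replaces the set built so far, so `SSLProtocol TLSv1.2 TLSv1.1` ends up enabling only TLS 1.1 (mod_ssl logs a warning about the override, but the server still starts). After changing the directive, confirm from outside with `openssl s_client -connect host:443 -tls1` and `-tls1_1`, which should both fail to negotiate.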
-1 votes, 2 answers

PCI DSS Compliance and Data locality

What is the best practice in terms of data locality in the PCI DSS compliance world? Can I store PCI/PII data (nope, we are not storing any of the CC#, CVV, or magnetic stripe data) from one country in another country? Say, for example, the…
Jimson James
-1 votes, 1 answer

Sending CC number to server with HTTPS without storing in DB

I have a server and a client application which runs in a web browser. I know it is better to make the client do the request directly to the payment processor (by what's called a payment page). Having said that, I would like to know if it is considered OK…
yanivps
-1 votes, 1 answer

Would my app need to be PCI compliant in this case?

I am using USAePay as the processing gateway and they have a library to send the cardholder's information such as the PAN, EXP date, CVV2 to their servers for payment. To use this library I would have to implement a user interface consisting of…
David
-1 votes, 1 answer

How to handle credit card information on my server

My company wants to start a subscription based website and I'm implementing it with a payment gateway. The problem is, this payment gateway doesn't give me any tools to encrypt the client's credit card information before it reaches our server. So my…
WilsonPena
-1 votes, 1 answer

Does developer access to ARM Templates prevent PCI compliance?

I would like my company to use ARM templates deployed by a VSTS Release Pipeline to allow developers to define resources that will be deployed to a subscription owned by our OPs team at our company to ensure that developers don't have production…
jt000
-1 votes, 1 answer

How and where to get PCI DSS certification for Amazon EC2 for my Android application

I have a Cordova-based hybrid Android mobile application for which I am using NodeJS as the server, installed on an Amazon EC2 cloud instance. My application is an online ordering system, for which I have to accept payments. But for accepting…
Rahul
-1 votes, 1 answer

Credit card tokenization: how to avoid two-factor authentication?

(Not sure if this is the right place to ask. Please point out other forums if that's not the case). I'm based in Europe, and I've set up an invoicing system for a client of ours which uses a tokenization system provided by his bank, as part of the…
PaulJ
-1 votes, 1 answer

Prevent changing Android SDK

I will write an SDK for a company and they will use it in their application. Our code will open a new activity and the user will enter credit card information. We will withdraw money from our virtual POS. Can I understand whether the developer is doing reverse…
sagnymine
-1 votes, 2 answers

Difference between HTTPS, SSL and PCI DSS compliance

Hello, can anybody explain this to me? I am always confused: what is the difference between HTTPS, SSL and PCI compliance? How does HTTPS work? How does SSL work? How does PCI work?
-1 votes, 1 answer

Account password transmission and PCI DSS compliance

I'm developing an Android app that must be PCI PA-DSS compliant. My question is about this requirement in the PA-DSS_v3-1 document, 3.3.1: "Use strong cryptography to render all payment application passwords unreadable during transmission." Let's say…
-1 votes, 1 answer

Is it secure to put a callback URL in a URL's query string?

I'm working on an ASP.NET MVC5 web app. Say a user's session times out and they must go to a login screen to authenticate again, then be redirected back to the URL they came from. Is it good practice to put the return (callback) URL in the query…
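The return URL carries no secret, so its being visible in the query string is not the problem; the problem is that a login page which follows whatever value arrives becomes an open redirect, sending users who clicked a link on the trusted hostname to an attacker's site after they authenticate. The Python below is an added example, not code from the question or any answer to it: it implements a "local URL" check in the spirit of ASP.NET MVC's `Url.IsLocalUrl` helper (the intent is copied, not its code) and applies it to the query string the login page receives. The `ReturnUrl` parameter name, the helper names and the test inputs are this example's own.

```python
"""Keep a post-login return URL from becoming an open redirect.

Added example, not code from the original post.  The checks mirror the
intent of ASP.NET MVC's Url.IsLocalUrl (relative path on the same site,
never a scheme-relative or absolute URL); the function names, the
'ReturnUrl' parameter and the sample inputs are this example's own.
"""
from urllib.parse import parse_qs, urlsplit

DEFAULT_LANDING = "/"


def is_local_url(url):
    """True only for a path-relative URL on this site, e.g. /orders?page=2."""
    if not url or len(url) > 2048:            # empty, or absurdly long
        return False
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return False                           # CR/LF etc.: header injection
    if "\\" in url:
        return False                           # browsers read /\evil.example as //evil.example
    if url.startswith("~/"):                   # ASP.NET app-relative form
        url = url[1:]
    if not url.startswith("/") or url.startswith("//"):
        return False                           # //evil.example is scheme-relative
    parts = urlsplit(url)
    return parts.scheme == "" and parts.netloc == ""


def safe_return_url(candidate, fallback=DEFAULT_LANDING):
    """The candidate if it is local, otherwise a known-good landing page."""
    return candidate if is_local_url(candidate) else fallback


def login_redirect_target(query_string, fallback=DEFAULT_LANDING):
    """What the login page should redirect to after authentication, given
    the raw query string it was called with (e.g. 'ReturnUrl=%2Forders')."""
    values = parse_qs(query_string, keep_blank_values=True).get("ReturnUrl", [])
    return safe_return_url(values[0] if values else "", fallback)


# Constructed inputs: expected verdict for each candidate return URL.
CASES = {
    "/account/orders?page=2": True,
    "~/account/orders": True,
    "/": True,
    "//evil.example/login": False,          # protocol-relative
    "/\\evil.example/login": False,         # backslash trick
    "https://evil.example/login": False,    # absolute
    "javascript:alert(1)": False,
    "/account\r\nLocation: https://evil.example": False,
    "": False,
}

if __name__ == "__main__":
    for url, expected in CASES.items():
        print(f"{url!r:45} local={is_local_url(url)} (expected {expected})")
    print(login_redirect_target("ReturnUrl=%2F%2Fevil.example%2Flogin"))  # '/'
```

Validating on the way out (when the redirect is issued) is what matters; validating when the login link is generated is not enough, because the attacker crafts the login link. If the application really must send users to other hosts, replace the free-form URL with an allow list of destinations and redirect by key.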
-1 votes, 2 answers

PCI Compliance Website Confusion

I have what I believe is a simple question but am having trouble finding an authoritative answer... If I use Stripe as the payment gateway on my website, if I have a dedicated IP Address, SSL, and use Stripe correctly do I need to pass a PCI…
-1 votes, 2 answers

Possible vulnerability in ProFTP 1.3.3e

I'm managing a PLESK server and got this error from a client after they did a PCI scan on their site. What is ProFTP and is this really an issue? How would I go about fixing this issue?
symlink
-1 votes, 1 answer

ASPSESSIONID missing HTTPONLY attribute for classic ASP

I am trying to find a way to enable HTTPONLY on the ASPSESSIONID cookie that is auto generated for classic ASP sites. I know that .NET 2.0+ sites have the ASP session cookie defaulted to HTTPONLY, but I need to get this configured for classic ASP. I…
user1903219
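Classic ASP has no setting for this attribute, so the usual fix is to rewrite the `Set-Cookie` header as the response leaves IIS, for example with a URL Rewrite outbound rule. The Python below is an added example, not code from the question or any answer to it: it implements that outbound rewrite as a plain function so the edge cases (cookie already marked `HttpOnly`, unrelated cookies, mixed-case attribute names, trailing semicolons) can be exercised offline. The response headers are constructed; the letters after `ASPSESSIONID` in a real cookie name are generated by ASP at random.

```python
"""Append HttpOnly to ASPSESSIONID cookies at the response-header layer.

Added example, not code from the original post.  Classic ASP has no
switch for this attribute, so the usual fix is to rewrite Set-Cookie on
the way out (an IIS URL Rewrite outbound rule does exactly this); the
function below is that rewrite logic in Python so it can be exercised
offline.  Header values are constructed; the cookie name suffix that
classic ASP generates is random.
"""
import re

ASP_SESSION_COOKIE = re.compile(r"^ASPSESSIONID[A-Z]*=", re.IGNORECASE)


def add_httponly(set_cookie_value, cookie_pattern=ASP_SESSION_COOKIE, secure=False):
    """Return the Set-Cookie value with '; HttpOnly' (and optionally
    '; Secure') appended when the cookie name matches cookie_pattern and
    the attribute is not already present.  Other cookies are untouched."""
    if not cookie_pattern.match(set_cookie_value):
        return set_cookie_value
    attrs = [a.strip().lower() for a in set_cookie_value.split(";")[1:]]
    value = set_cookie_value.rstrip().rstrip(";")
    wanted = ["HttpOnly"] + (["Secure"] if secure else [])
    for attr in wanted:
        if attr.lower() not in attrs:
            value += "; " + attr
    return value


def harden_response_headers(headers, **kwargs):
    """Apply add_httponly to every Set-Cookie header in a list of
    (name, value) pairs, as an outbound filter would."""
    return [(name, add_httponly(value, **kwargs) if name.lower() == "set-cookie" else value)
            for name, value in headers]


# Constructed response headers from a classic ASP page.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "ASPSESSIONIDQSCRBDQT=JJJJJJJJJJJJJJJJJJJJJJJJ; path=/"),
    ("Set-Cookie", "ASPSESSIONIDAABBCCDD=KKKKKKKKKKKKKKKKKKKKKKKK; path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; path=/"),
]

if __name__ == "__main__":
    for name, value in harden_response_headers(SAMPLE_HEADERS, secure=True):
        print(f"{name}: {value}")
```

The commonly published IIS equivalent is an outbound rule in web.config that matches the `RESPONSE_Set_Cookie` server variable with pattern `(.*)`, has a condition that `{R:1}` does not already match `; HttpOnly`, and rewrites the value to `{R:1}; HttpOnly`; the condition is what keeps the rule idempotent, which is the same check `add_httponly` performs on the attribute list. Adding `Secure` the same way is worth doing on an HTTPS-only site, since a PCI scan will usually report a session cookie without it as well.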