Questions tagged [pci-compliance]

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.

Merchants and software vendors must be certified by PCI and report their compliance with the industry standard for consumer security. If any customer of an organization ever pays the organization/merchant directly using a credit card or debit card, then the PCI DSS requirements apply.

The Standard can be found on the PCI SSC's Website:
https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml

322 questions
4 votes, 0 answers

PCI Compliance SAQ A-EP with direct post instead of iframe

For mobile apps, is direct post able to be used with SAQ A-EP? My prior understanding was that only iframe was eligible for this, but there seems to be an unspecified allowance (see below). It makes sense there would be an exception since if the…
4 votes, 1 answer

Can I store user bank details without PCI compliance?

We are working on a project whose nature is somewhat ride sharing. I read about PCI compliance; I know we have to be PCI compliant if we are dealing with credit cards or payments. I am a little ambiguous: do we store our drivers' bank info like Account…
Basit
4 votes, 1 answer

Costs of PCI Compliance?

We're developing a new piece of software (really just a single php script) that collects cardholder information and stores it in a MySQL database. Obviously we're taking every precaution with security (Firewall, Anti-Virus, SELinux, restrictive…
LinuxGnut
4 votes, 2 answers

SSL: Servers certificate chain is incomplete

I bought a PositiveSSL Wildcard from https://www.ssls.com/. I have received 3 files: a .ca-bundle, a .crt and a .p7b. I configured the certificates with NGINX but I'm getting an error: "Servers certificate chain is…
Adam Halasz
4 votes, 2 answers

Trying to pass PCI compliance but have a cross-site scripting issue

I'm currently trying to pass PCI compliance for one of my client's sites but the testing company are flagging up a vulnerability that I don't understand! The (site removed) details from the testing company are as follows: The issue here is a…
Chris Foot
4 votes, 3 answers

Android 4.1 to 4.4 KitKat - Enable TLS 1.2 for API

In trying to disable TLS 1.0, there are KitKat devices needing access to my API. I have tried overriding the default socket factory without success. I have tried converting to okhttp. Still not working. How do I get Android KitKat to connect to my…
jnrcorp
4 votes, 2 answers

PCI compliance (PCI DSS) for Front End

I am currently working on a project and one of its features is e-commerce, such that our system should take care of security for users' credit card information and other credential information. I know that any web service that deals with users'…
4 votes, 2 answers

Sending a user's credit card number to a printer with PHP

I've been curious about this for a while and could never find any good information. I used to work at a pizza place that did online ordering. The user would submit their card information and we would run it at the store. I was wondering if someone…
jack
4 votes, 2 answers

Does including all these 3rd party javascript files impose a security risk?

When you have all these various JavaScript files included on a page for various services like website analytics, click tracking etc., doesn't this create a huge security risk, because using JavaScript they can hijack the person's credit card that is…
cool breeze
4 votes, 2 answers

Kubernetes & docker containers PCI DSS compliance

We are creating a new version of a payment gateway processor and we want to use Docker containers with Kubernetes, but we are worried about whether Kubernetes and Docker containers follow the PCI DSS requirements. We don't find anything clear in PCI DSS…
4 votes, 1 answer

Is It Okay to Display Credit Card Number On Validation After PostBack C# PCI Compliance

I am curious about PCI Compliance Requirements relating to post back on a Bill Pay form. I currently have a form that submits to authorize.net, I don't store any credit card information in a database or any other means. My question relates to…
TroySteven
4 votes, 1 answer

IIS7.5 fails PCI for NTLM even though it is disabled

I must just be missing something simple, but I can't for the life of me figure out why a site is failing a PCI scan. It's specifically failing for "Account Brute Force Possible Through IIS NTLM Authentication Scheme." I've searched the web and come…
doulos2k
3 votes, 3 answers

Apache configuration settings for specific port (PCI Compliance)

I am trying to make my server PCI Compliant. One of the last issues that I need to fix is to remove the INode from Apache ETag header. So I defined in httpd.conf this line: "FileETag MTime Size" to only return MTime and Size.
Kelvin
3 votes, 2 answers

Is Apache Tomcat PCI Compliant?

Does anybody know if Apache Tomcat (latest version) is PCI compliant? If so (or if not), could you please provide me with some links to support the affirmation/negation? Thanks in advance.
Wilmer
3 votes, 1 answer

PCI-Compliant Membership Provider for ASP.Net?

The off-the-shelf ASP.net Membership Provider and tables do not appear to be PCI-compliant. Has anyone already implemented a PCI-Compliant Membership Provider for ASP.net? In particular, I am looking at the requirements for section 8.5: 8.5.2: Is…
Sam