Questions tagged [pci-dss]

The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC).

The PCI DSS applies whenever an organisation stores, processes or transmits payment card data. Payment cards are Visa, MasterCard, JCB, American Express and Diners International branded cards. Compliance with PCI DSS is measured either by a self-assessment for small organisations or through an on-site assessment by a Qualified Security Assessor (QSA) for larger organisations. The size cut-offs are determined by the card schemes and are based on the number of transactions an organisation is involved with. Associated standards are PA-DSS and PTS-DSS, for payment applications and PIN transaction security respectively. All of these standards are set and maintained by the PCI Security Standards Council. Compliance with the standards is mandated by the various card schemes but is communicated through acquiring banks or other parties. Failure to comply with PCI DSS can result in fines or other sanctions.

Latest version of the PCI standards: PCI DSS 3.2.1

211 questions
1 vote, 2 answers

How to display the last 4 digits of a credit card number

I need to present, for the user, the last 4 digits of the credit card attached to our system (as Skype does, for example). It should look like: We will charge your card xxx-xxx-xxxx-1234. For authorizing and charging CD we use some 'Payment Gateway'.…
mrok
1 vote, 3 answers

PCI/DSS: Data at Rest

Would you consider the use of caching products in the category of data at rest?
McGovernTheory
1 vote, 2 answers

Storing customer payment details - PCI Compliance

I'm working on a project with a new client and they've had some problems getting a merchant account for processing their online payments due to the business type. The system works in a similar way to Just Eat/Expedia etc in that a customer places on…
Terry
0 votes, 1 answer

Does the PCI Standard apply to storing information about paper checks

Does the PCI DSS standard apply to providers that solely work with check by phone? i.e. collecting 1) account numbers 2) routing numbers 3) check number; in other words, no credit cards. Thanks
aks
0 votes, 3 answers

Transparent proxy to replace credit card data with a token to avoid PCI DSS scope

I work on the PCI DSS compliance of my company. After some research, I found out it is not a good idea to store any credit card data at all, as this makes things far more complex. I found a payment provider providing a secure data vault in combination…
NickD
0 votes, 2 answers

Writing my own end-to-end payment processing system

For my final project in college I want to write my own payment processing system. It would have a backend payment processing server and client (merchant) frontend. I would like to have the backend run and wait for connections/transactions from the…
jim
0 votes, 1 answer

Stripe - Securely handling payments on the server

I'm using Stripe Elements in my frontend (React) to take payment information and everything. Currently, I have a function handleSubmit on the frontend that directly runs await stripe.confirmPayment({ elements, ... }), where const elements =…
0 votes, 1 answer

How to store payment card information in case of payment processor migration?

I am working on a subscription-based project and I am looking for a way to store card information data in case I would be switching my payment processor provider to another one. In which case I would have to force all users to re-subscribe which…
user19902262
0 votes, 0 answers

Removing IIS server header from WebDeploy on port 8172

I'm looking after a bit of server hardening for PCI DSS and can remove the headers from IIS no problem for standard sites, but my compliance scanner is reporting (correctly) that port 8172 for MS Web Deploy of packages is announcing the IIS/10…
Andy
0 votes, 0 answers

What are the default AWS RDS values of "Account Lockout Threshold", "Account Lockout Duration", and "Reset Account Lock After"?

When enabling Enforce Password Policy, it states that: How can I get the values that AWS RDS set for those (see above image - highlighted in red)? I've enabled Enforce Password Policy and Enforce Password Expiration by default Note that I'm using…
0 votes, 1 answer

Is the objective of PCI DSS 3.4 only the physical theft of disks?

To implement a PCI DSS compliant solution you must satisfy 3.4 requirement: "Render PAN unreadable anywhere it is stored (including on portable digital media, backup media, and in logs) by using any of the following approaches:" PCIDSS I thought it…
Sfp
0 votes, 0 answers

AWS Amplify PCI DSS Certificate

I want to integrate a payment service in my web application, but the service provider needs a PCI certificate for my web application. As to the current situation, I'm thinking of moving my server to AWS Amplify, since AWS is PCI DSS compliant, so if…
0 votes, 1 answer

Does using AWS EC2 make me PCI DSS compliant?

If I'm using an AWS EC2 server, will AWS give me a certificate for PCI DSS compliance? I'm a bit confused regarding this, please help me out. Thanks
0 votes, 1 answer

Payment Card Industry DSS - Storing cardholder data in systems not connected to the internet

Background: Though I've looked through some posts on Stack Overflow that partially cover this point, I'm yet to find one that provides a comprehensive question/answer. As a developer of POS systems, the PCI DSS has two components I'm interested in: PA…
tentux
0 votes, 1 answer

Internal Vulnerability Scan and Pen testing on Elastic Beanstalk for PCI DSS

We are currently building a PCI DSS Level 1 Compliant platform that will run only one application server on Elastic Beanstalk (Linux AMI). The Elastic Beanstalk instance, which will reside inside a private subnet, will be connected to AWS API…