Questions tagged [pci-dss]

The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard defined and maintained by the Payment Card Industry Security Standards Council (PCI SSC).

PCI DSS applies whenever an organisation stores, processes or transmits payment card data (cardholder data such as the PAN, and sensitive authentication data such as the CVV and full track data). "Payment cards" here means cards branded by the PCI SSC's founding members: American Express, Discover (including Diners Club International), JCB, Mastercard and Visa. Compliance is validated either through a Self-Assessment Questionnaire (SAQ) for smaller organisations or through an on-site assessment by a Qualified Security Assessor (QSA), documented in a Report on Compliance, for larger ones. The size cut-offs (merchant and service provider levels) are set by the individual card brands and are based on the number of transactions the organisation handles per year. Associated standards are PA-DSS for payment applications and PCI PTS for PIN transaction security; all of these are set and maintained by the PCI SSC. Compliance is mandated by the card brands but is communicated and enforced through acquiring banks or other parties. Failure to comply with PCI DSS can result in fines or other sanctions.

Latest version of the standard at the time this tag wiki was written: PCI DSS 3.2.1. PCI DSS 4.0 was published in March 2022 and supersedes it.

211 questions
0 votes, 1 answer

When tokenizing credit card information, does it make sense to tokenize every credit card attribute in order to be PCI compliant?

For example, if a credit card has the following attributes: First Name, Last Name, Credit Card Number, CVV, Expiration. Is tokenizing just the Credit Card Number enough to be PCI compliant? Correspondingly, if tokenizing ACH details and the details…
Judy007
0 votes, 0 answers

Should I use separate databases for HIPAA and PCI-DSS compliant data?

My question is mostly theoretical, but if I have an application (for example for a private clinic) which stores its patients' health information (HIPAA), accepts payments with cards and stores payment history (PCI-DSS), and stores other…
0 votes, 1 answer

Is TLSv1.3 recommended today in production?

Security guides (PCI-DSS, NIST, www.ncsc.gov.uk, French ANSSI ...) state that only TLSv1.2 should be allowed, and that TLSv1.0 and TLSv1.1 should be deactivated. There is no security guide that gives any explicit recommendation for TLSv1.3. My…
0 votes, 1 answer

Is this set-up PCI DSS compliant?

Setup: Mobile uses Stripe to get a credit card token. Mobile sends the token to Server 1. Server 1 gets the credit card details using the token. Instantly, Server 1 encrypts the details and sends them to a PCI DSS compliant Server 2 via an SSL…
Damia Fuentes
0 votes, 1 answer

Stripe retrieve customer API also retrieves card info (PCI compliance)

I created a customer in Stripe with Elements. Now I need to check if the customer exists in my web app (with an axios request). As far as I know the only way to check if a customer exists is to retrieve him: https://stripe.com/docs/api/customers/retrieve. I…
Rinat Rezyapov
0 votes, 1 answer

How to make Google Cloud SQL Instance PCI compliant?

I'm securing my Google Cloud SQL Instance to be PCI DSS compliant, but when I'm scanning the server I get a critical warning over port 3307 saying that accepting TLSv1.0 is not permitted. Where can I upgrade the TLS version to be at least 1.2?…
0 votes, 1 answer

Firebase Hosting PCI Compliance

We have built a web application platform with Firebase as the centre of the technology, and at this point, when we need to submit for PCI DSS, our system is failing the test because it is all built on Firebase. Please tell me that Firebase…
0 votes, 1 answer

How to generate Masterpass Merchant ID/Merchant PAN

I am working on a Masterpass QR integration, which is a scan-to-pay feature where there will be a user and a merchant. Can anybody let me know the steps or algorithm for generating the merchant PAN in Masterpass QR?
0 votes, 1 answer

Encryption Algorithms to Store UII & PII using Java Technologies

What types of algorithms (e.g. AES) are useful for encrypting and storing a user's personally identifiable information (PII) and uniquely identifiable information (UII) using Java technologies? E.g. what are the standard ways to encrypt and store Social…
PacificNW_Lover
0 votes, 1 answer

How to Fix SSL Medium Strength Cipher Suites Supported in IIS 6.0

We tested the application for PCI compliance and ended up with an error stating **SSL Medium Strength Cipher Suites Supported**, and the solution for this is given as: reconfigure the affected application if possible to avoid…
Pranesh Nair
0 votes, 1 answer

How to make Certbot disable a certain cipher

I am using Let's Encrypt's certificates. In an attempt to stay compliant with PCI DSS standards, I disabled support for the Triple DES (3DES) cipher in the conf file for nginx. But Certbot then noted that if I manually changed a conf file, it won't…
1xor1
0 votes, 2 answers

Will an XML sitemap affect my website's PCI compliance?

I have an ecommerce website that's PCI compliant, and the website does not have an XML sitemap. The previous webmaster stated that he removed the sitemap because it caused the website to fail PCI validation testing. (We use the McAfee SECURE service…
t-nez
0 votes, 1 answer

Using Google Cloud Function to get around PCI certification?

I am working on a web application where I will have to receive credit card details, but only so that I can pass those details to the configured payment processor and receive the card id/token, which will be stored. Usually this is done in the front-end via JS…
user7174053
0 votes, 1 answer

How to process credit cards without PCI DSS on backend

I have a JS front-end that communicates with the back-end via a REST API and I need to process credit cards. I do not want to get into the full PCI DSS compliance stuff, and I don't need to since I am using a 3rd-party provider (Stripe, Braintree, ...) that…
user7174053
0 votes, 1 answer

AWS Serverless PCI-DSS Compliance

I noticed recently that Amazon got API Gateway and Lambda PCI-DSS certified. I would be interested to know what that implies regarding the isolated network consideration, specifically: is Amazon Lambda execution considered to be an isolated…
Pierre