Questions tagged [pci-dss]

The Payment Card Industry Data Security Standard is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC).

The PCI-DSS applies whenever an organisation stores, processes or transmits payment card data. Payment cards are Visa, MasterCard, JCB, American Express and Diners International branded cards. Compliance with PCI-DSS is measured either by a self-assessment for small organisations or through an on-site assessment by a QSA (Qualified Security Assessor) for larger organisations. The size cut-offs are determined by the card schemes and are based on the number of transactions an organisation is involved with. Associated standards are PA-DSS and PTS-DSS, covering payment applications and PIN transaction security respectively. All of these standards are set and maintained by the PCI Security Standards Council. Compliance with the standards is mandated by the various card schemes but is communicated through acquiring banks or other parties. Failure to comply with PCI-DSS can result in fines or other sanctions.

Latest version of the PCI DSS standard: PCI DSS 3.2.1

211 questions
0 votes, 2 answers

reuse authentication keypair for encrypt and decrypt of data

We have an openssl/kerberos/openssh user authentication which requires a private and public keypair. I need to log in and fetch some data from a database. But I'm not allowed to store the data in the database in plain form. And the private key used to…
MortenB
0 votes, 1 answer

Does a reverse proxy appliance in the LAN need to be PCI-DSS compliant?

We created a reverse proxy appliance (bridge) that transmits all the data in and out of the network. See diagram below. |------------------------LAN----------------------------| User --- Access Point --- Switch ---- Proxy --- Gateway --- WAN Assume…
Niv Penso
0 votes, 1 answer

Do we need to encrypt all customer data for PCI?

Do we need to encrypt all customer information like first name, last name, address, or only the data which is related to card payment?
Krishna Kumar
0 votes, 0 answers

Changing java.security on bundled JRE - PCI compliance

We are bundling the JRE along with our product and want to change java.security to disable TLSv1.0 (for PCI compliance). I want to check whether doing that violates the license and if there are other products that do the same. The Java license is unclear on…
Atul Soman
0 votes, 1 answer

Card data in server logs & Splunk - PCI-DSS

I have a little problem with the logs stored in Splunk. As PCI-DSS enforces, servers, DBs and logs should be scanned quarterly for any card data and, if found, the files should be destroyed. After our scan with cardrecon we found some PAN…
D.B.
0 votes, 1 answer

Is a POS application required to be PCI DSS compliant?

I am an eftPOS software engineer and develop bank financial applications. The applications are MTIP, ADVT and CUP certified. According to PCI DSS, do we also need to make our app PCI compliant? I ask this question because the POS stores credit card information until…
0 votes, 1 answer

Which SAQs should I be filling in as part of PCI DSS self-assessment as a web developer?

Which requirements am I obliged to fulfil as part of self-assessment, as a web developer for an eCommerce application? I have lots of SAQs (self-assessment questionnaires) as part of PCI DSS. What should be the scope of concern throughout the development…
sakhunzai
0 votes, 0 answers

Is OAuth appropriate for a service that stores highly sensitive data like credit cards?

I have made an iPhone app for users to book hotel rooms. A third party provides the service for booking the hotel rooms and charging the credit cards. At the moment, my app makes no attempt to save credit card information. It simply sends the credit…
0 votes, 1 answer

Apple Wallet and Google Wallet PCI compliance

We want our application to make a Visa/Mastercard transaction and we would like to store the card number to do recurrent transactions. However, we know that there are a lot of requirements to implement if we want to be PCI compliant. Can we use…
Juliano
0 votes, 3 answers

Azure data storage encryption?

I am creating an Azure based application that must be PCI compliant. There is an understanding within my company that to meet this compliance any personally identifiable information (PII) should be stored encrypted. I have a number of questions. Is…
Mark W
0 votes, 1 answer

Upgrading Apache 2.2.15 to Apache 2.2.29 on CentOS 6.6 64 bit

I need to upgrade Apache 2.2.15 to 2.2.19 on my CentOS machine. I tried the following commands: yum update httpd; yum install httpd-2.2.29. But it's saying that no package is available. And I also have the httpd-2.2.29.tar.gz file, so also tell me how to…
0 votes, 3 answers

PayPal payments pro and PCI DSS compliance

A similar question to what I am asking has been already answered on the link below. Paypal payments pro and pci compliance But this question is three years old. So I would appreciate if someone can give me an up to date answer. On PayPal's website…
Jay Bhatt
0 votes, 1 answer

PCI DSS Mobile Application Payment and Credit Card Data

I need to implement a solution that allows a Mobile APP make a payment against a payment gateway service. The data I send are the card details and payment data itself. It is impractical to enter card details each time you want to make a payment,…
Azimuts
0 votes, 1 answer

Regarding PCI-DSS compliance - file encryption

Our application needs to handle a file with credit card information (assume credit card numbers) from an external system through an FTP interface. This is a flat file (text). We need to process the data based on some business rules and then need to…
kallada
0 votes, 1 answer

PCI-DSS Certification for Google Cloud

Recently (2nd Dec 2014) Google announced that Google Cloud Platform is now PCI-DSS compliant. Since then there have been no updates on the same. I have checked the public forums, stackoverflow, google developers site to no avail. I am looking to…
Vikram Tiwari