Questions tagged [pci-dss]

The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard assembled and maintained by the Payment Card Industry Security Standards Council (PCI SSC).

PCI DSS applies whenever an organisation stores, processes or transmits payment card data (cardholder data such as the primary account number, and sensitive authentication data such as full track data, card verification codes and PINs). Payment cards are Visa, Mastercard, JCB, American Express and Discover (including Diners Club International) branded cards. Compliance is validated either by a Self-Assessment Questionnaire (SAQ) for smaller organisations or by an on-site assessment by a Qualified Security Assessor (QSA), documented in a Report on Compliance (ROC), for larger ones. The level cut-offs are determined by each card scheme and are based on the number of transactions the organisation handles per year. Associated standards are PA-DSS for payment applications (retired in October 2022 in favour of the PCI Software Security Framework) and PCI PTS for PIN transaction security devices. All of these standards are set and maintained by the PCI SSC. Compliance is mandated by the card schemes but communicated and enforced through acquiring banks or other parties such as payment processors. Failure to comply with PCI DSS can result in fines or other sanctions, up to loss of the ability to accept card payments.

This wiki was written against PCI DSS 3.2.1. That version was retired on 31 March 2024; the current version is PCI DSS 4.0 (published March 2022) with its 4.0.1 revision (June 2024).

211 questions
0 votes · 3 answers

PCI compliant hash of a credit card number

Someone has queried me to see if they can use their customers' credit card numbers as membership numbers. So, looking up the PCI requirements for storing credit card numbers, it says that a one way hash of the credit card number is required. Page 38…

CathalMF (9,705 rep; badges: 6 gold, 70 silver, 106 bronze)
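The question above asks for a "PCI compliant hash" of a card number. The following is an added worked example written for this page; it is not code from the asker or from any answer. It shows why a plain SHA-256 of a PAN, even with a per-record salt stored beside it, is reversible by brute force once the first six and last four digits are known (which is exactly what the PCI DSS 3.3 display mask reveals), and what a keyed hash (HMAC) looks like instead. PCI DSS 3.2.1 requirement 3.4 lists a strong one-way hash of the entire PAN as one acceptable method alongside truncation, tokenisation and strong encryption; PCI DSS 4.0 requirement 3.5.1.1 tightens this to a keyed cryptographic hash. The BIN 411111, the middle digits, the salt and the HMAC key are constructed values for the demonstration; in practice the key lives in an HSM or KMS, never next to the hashed column, and whether that column is then out of scope is a question for the assessor.

```python
import hashlib
import hmac
import os

# Constructed sample data for the demonstration (not a real card).
# 411111 is a widely used Visa-range test BIN; the middle digits are made up
# and the final digit is the Luhn check digit computed below.
BIN = "411111"
MIDDLE = "123456"
TAIL = "789"


def luhn_check_digit(partial: str) -> str:
    """Luhn check digit for `partial` (all digits of a PAN except the last one).

    Counting from the right of the *full* PAN, every second digit is doubled,
    so the rightmost digit of `partial` is the first one doubled.
    """
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(pan: str) -> bool:
    """True if the PAN's last digit is a correct Luhn check digit."""
    return pan.isdigit() and len(pan) > 1 and luhn_check_digit(pan[:-1]) == pan[-1]


SAMPLE_PAN = BIN + MIDDLE + TAIL + luhn_check_digit(BIN + MIDDLE + TAIL)


def truncate(pan: str) -> str:
    """Masked display form: at most the first six and last four digits (PCI DSS 3.3)."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def unkeyed_hash(pan: str, salt: bytes = b"") -> str:
    """Plain SHA-256 of the PAN, optionally prefixed with a stored salt.

    This is the 'one-way hash' people reach for first; recover_pan() below shows
    why it does not protect a PAN whose BIN and last four digits are known.
    """
    return hashlib.sha256(salt + pan.encode("ascii")).hexdigest()


def keyed_hash(pan: str, key: bytes) -> str:
    """HMAC-SHA256 of the PAN under a secret key (a keyed hash, as PCI DSS 4.0 3.5.1.1 requires).

    Deterministic for a given key, so it still works as a stable lookup value
    (the membership-number use case), but cannot be brute forced without the key.
    """
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


def recover_pan(target_hex: str, bin6: str, last4: str, salt: bytes = b""):
    """Offline attack on an unkeyed hash of a 16-digit PAN.

    With the first six and last four digits known, only the six middle digits
    are unknown: 10**6 candidates (about 10**5 after a Luhn filter, which a
    real attacker would apply first). A million SHA-256 calls takes a fraction
    of a second in C and a couple of seconds even in pure Python, so a salt
    stored with the table (and therefore known to whoever stole it) does not help.
    """
    for middle in range(10**6):
        candidate = f"{bin6}{middle:06d}{last4}"
        if unkeyed_hash(candidate, salt) == target_hex:
            return candidate
    return None


if __name__ == "__main__":
    print("sample PAN (constructed):", SAMPLE_PAN, "Luhn ok:", luhn_valid(SAMPLE_PAN))
    print("display form:", truncate(SAMPLE_PAN))

    salt = os.urandom(16)            # a per-record salt stored next to the hash
    stored = unkeyed_hash(SAMPLE_PAN, salt)
    print("recovered from salted SHA-256:", recover_pan(stored, BIN, SAMPLE_PAN[-4:], salt))

    key = os.urandom(32)             # would live in an HSM/KMS, never beside the data
    token = keyed_hash(SAMPLE_PAN, key)
    print("keyed hash (usable as a membership number):", token)
    # Without `key`, recover_pan has nothing to brute force against: the attacker
    # would have to guess the 256-bit key as well as the six digits.
```

The point for the membership-number idea: a keyed hash gives a stable identifier per card, but the key must be managed as a cryptographic key (HSM/KMS, rotation, dual control), and anyone who can obtain both the key and the table is back to the six-digit brute force shown above. Tokenisation through the payment processor avoids holding any PAN-derived value at all.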
0 votes · 1 answer

McAfee PCI Compliance failing on Session ID cookie?

I am attempting to obtain PCI compliance for my site but the McAfee security scan has thrown a "Potential Sensitive Persistent Cookie Sent Over a Non-Encrypted (SSL) Channel". Drupal (default behavior) sets a session cookie when you simply arrive at…

frio80 (1,293 rep; badges: 3 gold, 14 silver, 23 bronze)
0 votes · 1 answer

What is an Example of PCI DSS Requirements Related to Database Encryption?

Now, I have to know what PCI DSS is and an example of PCI DSS requirements related to database encryption because of our company's business model project. Additionally, how can I deal with these database encryption systems economically in a MySQL DB?…
0 votes · 0 answers

Unique Credit Card processing requirement?

I am working with a client to migrate their 12-year-old ecommerce site to a more modern platform. The manner in which they process credit cards is something I don't have experience with, and either I can't seem to punch the right combination of…

Kyle (271 rep; badges: 1 gold, 2 silver, 10 bronze)
0 votes · 1 answer

How to securely store credit card info as part of a devise user in rails?

I am making a web service where credit card information will be stored as part of a user profile and will be used to process payments. However, I don't like the idea of saving the card information as raw text in a database. Instead, I would like to…

johncorser (9,262 rep; badges: 17 gold, 57 silver, 102 bronze)
0 votes · 4 answers

PayPal API with no PCI Compliance

It is clear from various discussions that if I accept the credit card on my site and call the PayPal API to pass the CC to PayPal, I have to be PCI compliant as well. In our solution, the user uses forms on our web page to submit credit card information.…

Klaus (2,328 rep; badges: 5 gold, 41 silver, 62 bronze)
0 votes · 2 answers

PCI DSS compliance related to the Mobile Application payment

I am developing an Android application (native) which contains a module to make reservations on hotels / taxis etc. I am planning to accept the payment details (amount, credit card number, expiry date etc.) from a screen of my application and pass…
0 votes · 2 answers

PCI Compliance in the Cloud (Azure)

Question about PCI-DSS compliance when a website is hosted in the cloud. So, the website has a form asking for credit card details. This form is then posted back into my site and the card details are manipulated into an XML message which is then…
0 votes · 1 answer

PCI Compliance/PayPal API

So after MUCH research online, I'm coming to the one place I know someone will be able to help me! We have a site that WILL accept credit card payments via PayPal's Classic API. More specifically, we'll be accepting credit cards for recurring…

Dan (524 rep; badges: 1 gold, 5 silver, 17 bronze)
0 votes · 2 answers

E-commerce compliance when card details are processed by a third party

What forms of e-commerce compliance such as PCI-DSS apply when the card details are processed by a third party such as PayPal? I am building a bespoke shopping cart system that uses PayPal Express, so the card details never hit my server. I do however…

Mathew Attlee (549 rep; badges: 1 gold, 4 silver, 15 bronze)
0 votes · 2 answers

SagePay's Direct Integration or CyberSource's SOAP API Method!! Should I be PCI compliant?

I am currently integrating a payment gateway into our merchant page. We are expecting about 100000 to 0.5mil transactions per month on our website. We have an SSL certificate on our payment pages. Both SagePay and CyberSource equivalent for maximum payment…

Karthik (1,091 rep; badges: 1 gold, 13 silver, 36 bronze)
0 votes · 1 answer

PHP site with .NET ValidateRequest errors

I have a PHP site that fails on the PCI compliance and the only error that I am getting is "Microsoft ASP.NET ValidateRequest Filters Bypass Cross-Site Scripting Vulnerability". This is a PHP site on IIS. What can I do to make this site pass the PCI…

MZaragoza (10,108 rep; badges: 9 gold, 71 silver, 116 bronze)
0 votes · 2 answers

PCI - Card Data Transmission

I understand that PCI compliance affects storage of card details, but does it also affect transmission? E.g. if I simply want to collect a card number and transmit it over HTTPS, does this require PCI compliance steps to be taken?

AJM (32,054 rep; badges: 48 gold, 155 silver, 243 bronze)
0 votes · 1 answer

ClickOnce verbose - PCI compliance logging

Is verbose ClickOnce logging considered compliant with PCI DSS 2.0 Requirement 10.2.7, at least as far as its content (Requirement 10.3) goes? (10.2) Implement automated audit trails for all system components to reconstruct the following …

Jirka Hanika (13,301 rep; badges: 3 gold, 46 silver, 75 bronze)
0 votes · 1 answer

PCI-DSS Policies and Procedures

I have bought the PCI Compliant Security Policies and Procedures document from pcipolicy. Their written policies are OK. However, the document does not help me on procedures. They just give the same suggestions with the…

Barny (383 rep; badges: 1 gold, 3 silver, 13 bronze)