Questions tagged [pci-dss]

The Payment Card Industry Data Security Standard is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC).

The PCI-DSS applies whenever an organisation stores, processes or transmits payment card data. Payment cards are Visa, MasterCard, JCB, American Express and Diners International branded cards. Compliance with PCI-DSS is measured either by a self-assessment for small organisations or through an on-site assessment by a QSA for larger organisations. The size cut-offs are determined by the card schemes and are based on the number of transactions that an organisation is involved with. Associated standards are PA-DSS and PTS-DSS for payment applications and PIN transaction security. All of these standards are set and maintained by the PCI Security Standards Council. Compliance with the standards is mandated by the various card schemes but is communicated through acquiring banks or other parties. Failure to comply with PCI-DSS can result in fines or other sanctions.

Latest version of PCI standards: PCI DSS 3.2.1

211 questions
0
votes
1 answer

Checking patch integrity

I am working on a J2EE web application and we have the following requirement: it should be impossible to install an application patch with arbitrary classes. Right now patches are done by manually adding jars with fixes or even individual classes to…
Sergey
0
votes
1 answer

Internal Vulnerability Scan Report

How do I write an Internal Vulnerability Scan Report for my project? Do I have to use a tool to generate this report? I have searched on the web related to this but I have been unable to understand it.
DDD
0
votes
1 answer

Store cardholder data in PayPal or other service provider?

I'm working on an e-commerce website with PayPal direct payment. Our customers are supposed to enter their credit card information in the page that is hosted by PayPal, so that our server will NEVER touch the cardholder data. Our problem is that we…
0
votes
1 answer

WordPress Plugin and One-Way Encryption

I was hoping someone could help me sort something out. I've been working on a shopping cart plugin for WordPress for quite a while now. I started coding it at the end of 2008 (and it's been one of those "work on it when I have time" projects, so…
Shelly
0
votes
5 answers

How much time does a developer spend reviewing logs?

PCI/DSS has a requirement indicating that an application's log should be reviewed AT LEAST daily for security events. Most network/infrastructure professionals can review network device logs but won't be familiar with actual applications. The same…
McGovernTheory
-1
votes
1 answer

Collecting card data PCI level

We want to integrate a 3rd party service for payments; their API is waiting for PAN & expiration date, and we need to determine what PCI level we need. So, we just collect this data on the client, send it to our server which will send data to…
jahoza
-1
votes
1 answer

Are there any Java libraries that can be used to tokenize PANs (Credit Card numbers)?

Are there any open-source Java libraries that can be used to tokenize PANs (Credit Card numbers)? Need the first 6 digits and last 4 digits to be preserved. The tokens generated are short-lived. So, need to minimize the chance of any clashes. Just…
Nalaka
-1
votes
2 answers

PCI DSS Compliance and Data locality

What is the best practice in terms of data locality in the PCI DSS compliance world? Can I store PCI/PII data (nope, we are not storing any of the CC#, CVV, or any magnetic stripe data) from one country in another country? Say for example, the…
Jimson James
-1
votes
1 answer

Sending CC number to server with HTTPS without storing in DB

I have a server and a client application which runs in a web browser. I know it is better to make the client do the request directly to the payment processor (by what's called a payment page). Having said that, I would like to know if it is considered OK…
yanivps
-1
votes
1 answer

How and where to get PCI DSS certification for Amazon EC2 for my Android application

I have a Cordova-based hybrid Android mobile application for which I am using NodeJS as the server, which is installed in an Amazon EC2 cloud instance. My application is an online ordering system, for which I have to accept payments. But for accepting…
Rahul
-1
votes
1 answer

Account password transmission and PCI DSS compliance

I'm developing an Android app that must be PCI PA-DSS compliant. My question is about this requirement in the PA-DSS_v3-1 document: 3.3.1 Use strong cryptography to render all payment application passwords unreadable during transmission. Let's say…
-1
votes
1 answer

PCI compliance in existing Notes documents with LotusScript

I am trying to X out all credit card numbers in a Lotus Notes database. They are located in customer emails within a customer database with more than 80.000 documents. So my issue is to remove data (credit card data) from "older" documents. My…
-1
votes
1 answer

PCI DSS section 10

There are plenty of log reporting tools but I am having trouble choosing. Can anyone advise me on a tool for audit-log monitoring?
Barny
-2
votes
1 answer

Is PCI Compliance needed in a Cordova Mobile App if I use a Mobile Payment Gateway?

I want to implement the payment solution in my Cordova-Ionic Mobile App for iOS and Android. I am planning to use any third party Payment Gateways like PayPal SDK, Braintree etc. or a method that will redirect to the Gateway website. So do I want to…
Tony
-3
votes
2 answers

How can I display my SSN id in the ASP web page with PCI standards

In my ASP web page I am displaying SSN number " name ="txtSSNID" size ="20"> The Fortify Developer tool detects this as an error. How can I fix this issue? I need to display the SSN Number but the thing is it should not be caught while testing in Fortify…
web dunia