Questions tagged [pci-dss]

The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC).

The PCI-DSS applies whenever an organisation stores, processes or transmits payment card data. Payment cards are Visa, MasterCard, JCB, American Express and Diners International branded cards. Compliance with PCI-DSS is measured either by a self-assessment questionnaire for small organisations or through an on-site assessment by a Qualified Security Assessor (QSA) for larger organisations. The size cut-offs are determined by the card schemes and are based on the number of transactions that an organisation is involved with. Associated standards are PA-DSS and PTS-DSS, covering payment applications and PIN transaction security respectively. All of these standards are set and maintained by the PCI Security Standards Council. Compliance with the standards is mandated by the various card schemes but is communicated through acquiring banks or other parties. Failure to comply with PCI-DSS can result in fines or other sanctions.

Latest version of the PCI standards: PCI DSS 3.2.1

211 questions
8 votes, 4 answers

Minimizing PCI compliance when my checkout flow has a confirmation page

I have a shopping cart flow like this: Page 1. Choose Products Page 2. Enter address, shipping, credit card details on a single page checkout. Page 3. User confirms the order - but we want a final opportunity to upsell, so we must be able to…
Simon_Weaver
7 votes, 2 answers

How can I check for SSL vulnerabilities on my web server?

Is there an easy way or online tool for checking a site's SSL vulnerability issues? From the PCI standards I see that a site has to force SSLv3 or TLSv1 protocols and high security encryption algorithms. And I need to check if my site is compliant…
Emre Köse
7 votes, 2 answers

Is storing the last 4 digits of a credit card and its expiry date allowed in PCI-DSS?

We need to store the last 4 digits of the credit card (in order to let customers know which card they have used) and the expiry date (to notify customers that their card is about to expire) for our subscription/recurring-payment based SaaS application. Are…
Kiran Beladiya
7 votes, 4 answers

Using a payment gateway and PCI compliance

I'm considering using eWay as a payment gateway. They offer two options. One is to allow users to type in credit card data on an eWay hosted website, the other is to use my own form and send credit card data via my server to eWay's backend. The second…
spirytus
6 votes, 1 answer

PCI Level For Storing Credit Cards

I was just wondering what the PCI certification level would be if you were storing encrypted credit-card numbers for recurring billing. I plan to have less than 20,000 transactions annually; however, with storing credit card numbers I am not…
John Godspeed
6 votes, 1 answer

Storing SEPA (IBAN and BIC) data - requires PCI compliance?

We would like to use a banking API to do SEPA transfers from our bank account to the user's bank account. For that the user needs to enter his IBAN and BIC into the form. We take that data (SSL secured) and transfer the money using the banking REST…
S. F.
6 votes, 2 answers

Open Source Static Source Code Analysis Tool (Security Oriented) For Java

I am looking for an open source static source code analysis tool that can be used for security testing of an android application. I need to make sure that my application is PCI compliant. An example of a non-open source tool is Fortify. Anyone can…
Strider007
6 votes, 3 answers

Credit Card - Card on file services?

Does anyone have any experience with card on file services for credit cards, that handle the storage of credit card information for ongoing purchases? We are looking for a solution that can be integrated with a custom ASP.NET app via a web service…
schooner
5 votes, 3 answers

How to make Google App Engine PCI Compliant?

I have read a few articles that say in order to have a PCI compliant cloud solution you need to have a private cloud environment and cannot use google app engine. Is it possible to create a PCI compliant website that specifically stores credit card…
MindWire
5 votes, 3 answers

Is PCI Compliance required with Payflow Link?

I have tried calling PayPal themselves, and the rep on the phone didn't even know Payflow Link could work this way, so I don't trust his advice. All my searching has encountered mixed answers. I am building an ecommerce site using Payflow Link,…
Dave W.
5 votes, 2 answers

PCI DSS and release deployment automation

One of the PCI DSS rules is: "The PCI DSS applies to all system components included in or connected to the cardholder data environment" How would you go about handling an SCM/release automation server? There has to be a port open from some server in…
Pavel Chernikov
5 votes, 7 answers

Taking credit card information online without processing -- how best to do so?

I have had a number of requests from clients wanting to take a customer's credit card number online and then process the payment in store at a POS terminal. I'm wondering what the best method of doing this is. I don't want to store the credit…
Darryl Hein
4 votes, 3 answers

Why do FireFox and certain other browsers alter the URL in the address bar when the server responds

I'm having difficulty meeting PCI-DSS compliance this quarter because of the following problem. When you type the following into a…
James Smith
4 votes, 0 answers

PCI Compliance SAQ A-EP with direct post instead of iframe

For mobile apps, can direct post be used with SAQ A-EP? My prior understanding was that only iframe was eligible for this, but there seems to be an unspecified allowance (see below). It makes sense that there would be an exception, since if the…
4 votes, 1 answer

Can I store user bank details without PCI compliance?

We are working on a project whose nature is somewhat like ride sharing. I read about PCI compliance, and I know we have to be PCI compliant if we are dealing with credit cards or payments. I am a little unclear: do we store our drivers' bank info like Account…
Basit