Questions tagged [pci-dss]

The Payment Card Industry Data Security Standard (PCI-DSS) is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC).

PCI-DSS applies whenever an organisation stores, processes or transmits payment card data. Payment cards are Visa, MasterCard, JCB, American Express and Diners International branded cards. Compliance with PCI-DSS is measured either by a self-assessment (for smaller organisations) or through an on-site assessment by a Qualified Security Assessor (QSA) for larger organisations. The size cut-offs are set by the card schemes and are based on the number of transactions an organisation handles. The associated standards PA-DSS and PTS-DSS cover payment applications and PIN transaction security respectively. All of these standards are set and maintained by the PCI Security Standards Council. Compliance with the standards is mandated by the various card schemes but is communicated through acquiring banks or other parties. Failure to comply with PCI-DSS can result in fines or other sanctions.

Latest version of the PCI standards: PCI DSS 3.2.1

211 questions
4 votes, 1 answer

Costs of PCI Compliance?

We're developing a new piece of software (really just a single PHP script) that collects cardholder information and stores it in a MySQL database. Obviously we're taking every precaution with security (Firewall, Anti-Virus, SELinux, restrictive…
LinuxGnut
4 votes, 1 answer

Service for storing PCI sensitive data

I'm building a web application that handles sensitive PCI data (banking numbers, CC, SSNs, etc). Does anyone know of the best services out there to handle this data? I've looked into Rackspace and their PCI solution seems a little overkill for…
Splashlin
4 votes, 3 answers

Android 4.1 to 4.4 KitKat - Enable TLS 1.2 for API

In trying to disable TLS 1.0, there are KitKat devices needing access to my API. I have tried overriding the default socket factory without success. I have tried converting to okhttp. Still not working. How do I get Android KitKat to connect to my…
jnrcorp
4 votes, 2 answers

Are there any remote credit card data stores out there which don't manage/process payments, just store the data?

Such a service would act similar to a payment gateway, but not actually authorize or charge the card, and would make our lives easier when it comes to PCI compliance. Our clients want us to hold onto the card information but not act on it. A month…
Igor Nadj
4 votes, 2 answers

Kubernetes & docker containers PCI DSS compliance

We are creating a new version of a payment gateway processor and we want to use Docker containers with Kubernetes, but we are worried whether Kubernetes and Docker containers follow the PCI DSS requirements. We don't find anything clear in PCI DSS…
4 votes, 4 answers

How to make my site PCI compliant

Assuming I decide to use payment gateway and not to use their hosted page, but rather provide my own credit card details form, and then send data to their backend via xml as explained on this page. Then: do I need to worry about PCI compliance? If…
spirytus
4 votes, 2 answers

How can I configure a PCI compliant development environment

We need to be PCI compliant for some credit card processing we do. How do people do this in other shops? How do you secure your SVN? How do you secure your build server? How does code get migrated from the developers to production?
Peter
4 votes, 0 answers

PCI DSS with Google Tag Manager

Wondering if anyone can shed any light on whether using Google Tag Manager is compliant with PCI DSS? I know there are provisions in it to ensure tags cannot be injected, such as securing servers, XSS protections etc, but can't find anything on if a tag…
Rosstified
4 votes, 3 answers

Credit Card storage solution

I'm developing a solution that is designed to store membership details, as well as credit card details. I'm trying to comply with PCI DSS as much as I can. Here is my design so far: PAN = Primary account number == long number on credit card Server…
jtnire
4 votes, 1 answer

IIS7.5 fails PCI for NTLM even though it is disabled

I must just be missing something simple, but I can't for the life of me figure out why a site is failing a PCI scan. It's specifically failing for "Account Brute Force Possible Through IIS NTLM Authentication Scheme." I've searched the web and come…
doulos2k
3 votes, 3 answers

What restrictions, if any, exist over source code repository management under PCI-DSS?

What restrictions, if any, exist over source code repository management under PCI-DSS? The company I work at wants to develop a credit card processing service for clients hosted under our network. At the moment we're using SVN for version control.…
Marc Swingler
3 votes, 1 answer

ModSecurity Rules: Which are better - GotRoot or TrustWave?

We've been looking for some additional rules for ModSecurity (mod_security) - there are 2 commercial options, either GotRoot, or the new ones from…
Ben
3 votes, 1 answer

Learn Payment Gateway, SSL and PCI DSS compliance checking - PHP

I am wanting to learn how to develop a payment gateway in PHP and the best practices (such as SSL and PCI DSS etc). Can anybody recommend any books/blogs that would help me with this? Everything I have found is payment gateway specific and hasn't…
John Magnolia
3 votes, 2 answers

Securing SQL queries, ensuring that no one person knows the password

What are some effective and secure methods of securing SQL queries? In short I would like to ensure that programmers do not see the passwords used by the application to perform queries. Something like RSA or PGP comes to mind, but I don't know how…
kruczkowski
3 votes, 1 answer

TLS secure enough? Need rolling hash in a PA-DSS payment application?

I'm a software engineer and I'm currently working on another payment application (my 3rd one) that must go under PCI PA-DSS compliance. I'm re-examining the PA-DSS documentation and I'm wondering if in the past I overworked on the security of the…
Michel Triana