Questions tagged [pci-dss]

The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC).

PCI DSS applies whenever an organisation stores, processes or transmits payment card data. Payment cards are Visa, MasterCard, JCB, American Express and Diners International branded cards. Compliance with PCI DSS is measured either by a self-assessment for small organisations or through an on-site assessment by a Qualified Security Assessor (QSA) for larger organisations. The size cut-offs are determined by the card schemes and are based on the number of transactions an organisation is involved with. Associated standards are PA-DSS for payment applications and PTS-DSS for PIN transaction security. All of these standards are set and maintained by the PCI Security Standards Council. Compliance with the standards is mandated by the various card schemes but is communicated through acquiring banks or other parties. Failure to comply with PCI DSS can result in fines or other sanctions.

The latest version of the PCI standards is PCI DSS 3.2.1.

211 questions
3 votes, 2 answers

Is there a secure way to guarantee credit card uniqueness?

So, like any reasonably competent web development shop, we wear cotton gloves when we touch credit cards, and we use Braintree SecureVault to store them so we are clear of PCI Compliance issues. However now we want to offer a free trial for our…
gtd
3 votes, 1 answer

PCI Compliant service to store credit card info - [NON-US Company]

I am developing a website that will allow customers to pay with credit cards. I live in Uruguay, so I can't apply for a normal merchant account like Authorize.net, Braintree, etc. So I can't use the functionality they have to store credit cards to…
3 votes, 1 answer

Purging Database Records

I'm dealing with having to store some payment card data. In order to be compliant with PCI DSS regulation, we have to purge the data from discs by not just deleting the file from the storage system, but also writing over the bytes with a random…
Paul Turner
3 votes, 3 answers

Encryption Key Management Software and Transparent Data Encryption MySQL

For PCI compliance, is there any recommended Encryption Key Management Software? Open source preferable, but commercial is ok too. Is there a tool or software that provides both?
Prabhu R
3 votes, 1 answer

Missing Secure Flag From SSL Cookie (http-cookie-secure-flag)

I need expert comment/feedback on an issue which I am facing. I have a PCI compliance report for one of the Magento sites I am working on (Magento 1.4.1.1). The report was generated using Nexpose. The PCI report states the following: Missing Secure Flag…
Mukesh
3 votes, 3 answers

Jasypt StandardPBEStringEncryptor setting password in spring bean configuration file

When using Jasypt's StandardPBEStringEncryptor we have to set the password explicitly in the Spring bean configuration file. Is it OK and secure to have the password in the bean configuration file? Will it be a problem for PCI compliance to store the…
Prabhu R
3 votes, 0 answers

How to make Android app secure for payment system?

I am developing an Android app that sells mobile credits over the internet. My app just keeps user credit card information and never saves any password. I am in Iran and my country doesn't accept any foreign banking system. So I can use only local…
Amir H
3 votes, 2 answers

Best Practices to Minimise PCI DSS Exposure

Michael Rembetsy from etsy.com offers some insight in terms of segmenting software components into PCI and non-PCI environments. I'm trying to determine the most optimal solution in terms of software architecture. Is it best practice to segment your…
Paul Mooney
3 votes, 1 answer

Paypal Payflow Link silent post obsolete encryption

I have searched the site for a similar question and have only found one which doesn't actually answer my question: here I have an ecommerce site implemented in pure php which uses both Authorize.Net and Paypal Payments Advanced with the silent post…
Puiu Ioan
3 votes, 2 answers

Credit card payments (card-present, swiped) with ASP.NET MVC

I need to take credit card payments with physical cards swiped in an ASP.NET MVC app. The easiest approach would likely be to have a simple "keyboard-wedge" swipe (USB nowadays), so that the track data gets sent as keyboard input to a password-type…
Jim Balo
3 votes, 2 answers

SQL Server 2008 + PCI Compliance? Pertains to PCI, as well as Symmetric keys!

I've never had to deal with PCI compliance before. I've been reading their documentation and it says I need to protect the credit card number, expiration date and the card holder's name. No storage of security codes ever. In their documentation,…
Gromer
3 votes, 2 answers

Browsing to .../trace.axd shows server information - PCI show stopper

My company runs PCI compliance scans and one that dings us every time is that ASP.NET Detailed Error Message Information Leak. The description is: A detailed ASP.NET error message was discovered... and it's worried that we are showing potential…
Deverill
3 votes, 2 answers

Preventing executables with invalid Authenticode signatures from running

We publish an update patch to our software package in a single executable file. The file is signed with an Authenticode digital signature, using the certificate issued to us. The file is downloaded to Windows XP or Vista systems that our customers…
Matthew Smith
3 votes, 1 answer

PayPal vault storage - sending credit card info securely

I am evaluating some Payment Gateway options and am looking at PayPal's vault option (similar to Braintree's vault). What I found is that in the case of Braintree's vault storage, I can send credit card info securely (encrypted) to be stored on…
lzp
3 votes, 3 answers

multiple captures on a single credit card authorization

In lieu of saving credit card information locally for recurring payments I was thinking I could request an authorization from a payment gateway for a certain amount and then capture that amount multiple times, every month or so. One Payment…
neubert