Questions tagged [pci-dss]

The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC).

PCI DSS applies whenever an organisation stores, processes or transmits payment card data. Payment cards are Visa, MasterCard, JCB, American Express and Diners International branded cards. Compliance with PCI DSS is measured either by a self-assessment for small organisations or through an on-site assessment by a Qualified Security Assessor (QSA) for larger organisations. The size cut-offs are determined by the card schemes and are based on the number of transactions an organisation is involved with. Associated standards are PA-DSS and PTS-DSS, covering payment applications and PIN transaction security respectively. All of these standards are set and maintained by the PCI Security Standards Council. Compliance with the standards is mandated by the various card schemes but is communicated through acquiring banks or other parties. Failure to comply with PCI DSS can result in fines or other sanctions.

The latest version of the PCI standards is PCI DSS 3.2.1.

211 questions

2 votes, 5 answers

Old data stored in database file

How can I ensure that all data that I've erased from the db tables is no longer stored in the mdb files (and others) on the hard disk? Here's my situation: My client used to store non-encrypted credit card data in their database (SQL Server).…
AviD

2 votes, 1 answer

Do PCI requirements apply if you have a card number on an image but don't actually collect the data?

The company I work for will be receiving scanned images of forms from which we will be gathering data (putting it into an XML file). Credit card numbers will have been written onto the forms, but we won't be collecting that data or processing a payment. In…
James

2 votes, 2 answers

Is my desktop app in scope for PCI certification?

I have a payment processing client that runs exclusively on the desktop. The operator enters payment data and clicks a button and my app sends the data off to a payment gateway via a secure channel. My app never stores sensitive payment data,…
ATL_DEV

2 votes, 5 answers

Do I have to be PCI DSS Compliant?

What I am doing is developing financial software and connecting it to a third-party credit card company which is PCI compliant. Our company is a Canadian company. We are not PCI compliant and not planning to be PCI compliant. But we want to save last…
Sen Zhao

2 votes, 0 answers

iFrame Hosted Payments

I'm attempting to "consolidate" all payment entries for all our various web applications under a single "hosted" payment entry web application. To be as "flexible" as possible with our various web-applications and not compromising security, I…

2 votes, 1 answer

E-commerce merchant-hosted transactions

I am developing an e-commerce website, and I want the payment process to be done from my site, meaning the user will enter credit card details on a payment page of my site. In short, users should not be redirected to a payment gateway for payment processing. I am…
Faizal

2 votes, 1 answer

Resources/services for PCI compliance? Fix for "Cross-site scripting vulnerability in category parameter" vulnerability?

An auditing firm said we are not PCI compliant, but provided unhelpful instructions on how to resolve the issues. They are clearly hoping we will engage their consulting unit. What resources/services have you used to plug gaps after receiving a PCI…
Crashalot

2 votes, 1 answer

Drupal/Ubercart UK payment gateway that doesn't require PCI DSS compliance

I'm looking for a Drupal6/ubercart2 payment module for any UK payment gateway which doesn't require PCI DSS compliance. My website is a relatively low-transaction shopping cart and acquiring compliance is over the budget. For example, there is a…
sysasa

2 votes, 1 answer

Is Google Cloud Storage PCI compliant?

Here is the Google Cloud Platform: Customer Responsibility Matrix. This document basically goes through all of the PCI DSS requirements and explains what is done by GCP and what is supposed to be done by the customers. This document states that…

2 votes, 2 answers

How to store Credit Card info on iOS / Android in a PCI-compliant manner

I'm building a mobile app that accepts payments. The user enters their CC details, and the payment info is submitted to a retailer's POS system over HTTPS. The POS processes the payment directly and needs the actual credit card info to work,…
DTs

2 votes, 2 answers

PCI Compliance - Non authenticated DB

I have no idea where to go for PCI compliance questions, so I thought I'd give SO a shot. If someone can point me in the right direction of where I can go to ask questions, please share. I'll be happy to mark that as an answer as well. If a PCI…
Bradford

2 votes, 0 answers

PCI compliant way to move encrypted passwords (and salts) to a new server/database

We're moving away from a hosted e-commerce platform and need to migrate 50000+ customers, ideally keeping their passwords intact. I requested the customer data (including encrypted passwords and salts) from our current host and they refused, saying…
alexwatever

2 votes, 4 answers

Secure DataVault for storing credit card details - PCI DSS

I have been reading a few articles which describe using a Datavault and tokenisation to reduce PCI DSS burden. My question is, are there any companies that offer to store data like credit card information securely in exchange for a token and do…
KSS

2 votes, 2 answers

Does a server that serves a form requesting a user's credit card information need to be PCI compliant?

I'm building a new web application that serves a form requesting the user's card information. Submitting this form will post the form data to a different, fully PCI-DSS compliant application. Does the application that serves the form to users need…
Herrad

2 votes, 1 answer

NopCommerce PCI

Running NopCommerce 3.40. I think I read somewhere that NopCommerce's shopping cart is PCI compliant. It also looks like NopCommerce's shopping cart stores credit card data. 1.) So what does this PCI process do? 2.) Is it just a fashion of…
Strawberry Farmer