Questions tagged [pci-dss]

The Payment Card Industry Data Security Standard is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC).

The PCI-DSS applies whenever an organisation stores, processes or transmits payment card data. Payment cards are Visa, MasterCard, JCB, American Express and Diners International branded cards. Compliance with PCI-DSS is measured either by a self-assessment for small organisations or through an on-site assessment by a QSA for larger organisations. The size cut-offs are determined by the card schemes and are based on the number of transactions that an organisation is involved with. Associated standards are PA-DSS and PTS-DSS, covering payment applications and PIN transaction security respectively. All of these standards are set and maintained by the PCI Security Standards Council. Compliance with the standards is mandated by the various card schemes but is communicated through acquiring banks or other parties. Failure to comply with PCI-DSS can result in fines or other sanctions.

The latest version of the PCI standards is PCI DSS 3.2.1.

211 questions

PCI DSS Compliance when extracting data for analysis

Here's the scenario: I've got 2 subnets. One is PCI DSS compliant and the other one is not. Can I extract data to process on Kafka from the PCI compliant subnet into the non-compliant one? tl;dr Data that has to be analysed is on the compliant…
Ton

Certifications needed for FinTech companies

I am trying to do some research on all the types of certifications needed for a FinTech company, like PCI-DSS, etc. What other certifications can be used by the company, in terms of IT security as well? To know that this company is having these…
mr-nobody

With what popular security standards does an internet bank have to comply?

I'm looking for the whole list of security standards for internet banking. I know that the internet bank has to comply with the Payment Card Industry Data Security Standard (PCI DSS). Could you please suggest to me other similar…
VladosJS

PCI compliance and local admin rights

Does PCI DSS compliance forbid developers from having local admin rights on their PC?
Kai

PCI File System+RDBMS Auditing/Scan

Which (open source) tools are available for scanning systems like SQL databases/file systems for cardholder data? So far we've found PANBuster, 7seec and PANscan and are wondering whether there's more out there (preferably open source).
dfs

Is Azure Front Door PCI-DSS Compliant?

Azure Front Door supports TLS versions 1.0, 1.1 and 1.2. Currently, removing TLS versions 1.0 and 1.1 from Azure Front Door is not supported. PCI standards require that protocols TLS 1.0 and 1.1 can no longer be used for secure communications. So can you…

Setting up Magento's Payment Bridge with two Authorize.Net accounts

Please note: We are using Magento's Professional Edition which does not come with Vendor Support. I've looked over previous questions, and while I can find questions and answers about multiple payment gateways on a site, I can't find anything about…
mattbryanswan

RDP Fails PCI-DSS Scan

I'm having an issue with RDP failing the PCI-DSS scan (port 3389) due to the default self-signed cert that Microsoft Server (2012 R2) generates when RDP is set up. I need to configure RDP to use a trusted cert. How would I do that? I can find…
Prescott Chartier

HTTP Security Header Not Detected, PCI DSS

I am using this server machine to publish my web site to the world wide web: Windows Server 2012 R2 Standard, 64-bit operating system, Intel(R) Xeon(R) CPU E5-2650 v3 @ 2.30GHz 2.29 GHz (2 processors). I use a credit card payment system module on my…
mannyCalavera

CryptoStream forces me to leak sensitive data into RAM

So here are my goals: Decrypt a byte[] into a pinned byte[] buffer. I don't want the plain-text to exist anywhere else in memory, outside of this pinned byte[], which I control. How can I do this in C#? I naively used the CryptoStream class. But…
Nir Maoz

The remote service supports the use of medium strength SSL ciphers errors in PCI scan

I received this error when my server was scanned for PCI compliance. I was wondering if it may be because I shut off iptables. I do not want to ask them to scan it again until I am sure that it will pass. My first question is, is there any way to…
Greg Alexander

PCI Compliance. Pass credit card information to a 3rd party API

I have an application that requests Credit Card information to do a payment to a third party company. My application captures the CC, CVV, Expiration Date, etc. and then passes that information to their API that charges the customer. I've been…
user3587624

Ensure temporary storage of card holder data meets PCI-DSS requirements?

We have to be sure that this temporary data will be persistent and that deletion is compliant with the DoD's security standards (wiping data on the disk / avoiding storage on the disk). I thought to store the data encrypted with the RIJNDAEL 256…
Christophe Eblé

How to safely access & store credit card information for an HTTPS request

I have a third party API that connects directly to a restaurant's POS system. In order to pay for a meal, the API requires that I send credit card information through an HTTPS POST request so that it may be used to complete a payment. I know not to…

Running a shopping cart application

If I run a shopping cart application, does the web server need to be PCI compliant? The reason I ask is that I don't process the payments on the site anyway. The main payment method will be through PayPal. I have not decided yet…
user152235