Questions tagged [pci-dss]

The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC).

The PCI DSS applies whenever an organisation stores, processes or transmits payment card data. Payment cards are Visa, MasterCard, JCB, American Express and Diners Club International branded cards. Compliance with PCI DSS is measured either by a self-assessment for small organisations or through an on-site assessment by a Qualified Security Assessor (QSA) for larger organisations. The size cut-offs are determined by the card schemes and are based on the number of transactions an organisation is involved with. Associated standards are PA-DSS and PTS-DSS, covering payment applications and PIN transaction security respectively. All of these standards are set and maintained by the PCI Security Standards Council. Compliance with the standards is mandated by the various card schemes but is communicated through acquiring banks or other parties. Failure to comply with PCI DSS can result in fines or other sanctions.

Latest version of the PCI DSS standard: PCI DSS 3.2.1

211 questions
1
vote
1 answer

Java String vs PCI-DSS Sensitive data

The first sentence of Requirement 3.2 of PCI DSS is: "Do not store sensitive authentication data after authorization". Should this also apply to operating memory (RAM)? Because my security officer understands it this way, so he prohibits us from…
Tomas Jacko
  • 345
  • 3
  • 11
1
vote
1 answer

Is it PCI compliant to momentarily save Credit Card in order to pass on to the API and then destroy the field?

I am trying to determine a PCI compliant way to pass on a Credit Card number to the payment API. One of the most obvious ways I can think of is to create a local variable to accept the CC# from the user, pass on to the API and then destroy the…
1
vote
2 answers

Implementation of enhanced Luhn algorithm?

Does anyone know of any implementation of an enhanced or augmented Luhn formula for checking modulus-10 “double-add-double” check digits on payment cards? Enhancement was suggested in this paper:…
1
vote
0 answers

Payment Card Industry PCI Compliance for Azure PCI DSS AppServices

This is probably not the correct place to put this but, it's a start. We have a payment processor that has an API we want to integrate with in a couple of our applications. They are PCI certified and in order for us to use their API we must be…
1
vote
1 answer

Remove Response Header - nuSOAP Server Side Instance

I need to be able to restrict what is being sent via send_response() method of nuSOAP at the server end. When $server->service ( $HTTP_RAW_POST_DATA ) it automatically calls private method…
Indark
  • 322
  • 1
  • 2
  • 14
1
vote
2 answers

Is masked pan unique?

I can retrieve my customer's credit card number and pan hash from a payment solution as follows: 492500******1234 The payment solution I use can generate different pan hashes each time for the same credit card, so this causes multiple records for…
Mehmed
  • 2,880
  • 4
  • 41
  • 62
1
vote
1 answer

Kubernetes command logging on Google Cloud Platform for PCI Compliance

Using Kubernetes' kubectl I can execute arbitrary commands on any pod such as kubectl exec pod-id-here -c container-id -- malicious_command --steal=creditcards Should that ever happen, I would need to be able to pull up a log saying who executed the…
1
vote
2 answers

PCI-DSS Compliance Using Checklist A

Our current setup. We fully outsource our card processing service to a PCI compliant vendor. The way customers enter their card information is from a web page iframe delivered directly to their browser from the 3rd party vendor. Our understanding…
Bryan
  • 81
  • 2
  • 8
1
vote
1 answer

Braintree Android - Use Cardbuilder to add credit card at SAQ A PCI Compliance Level

I am new to Braintree and I want to have my own custom UI to store Credit card. I am using the following code to tokenize the credit card. CardBuilder cardBuilder = new CardBuilder() .cardNumber(mCardForm.getCardNumber()) …
SoH
  • 2,180
  • 2
  • 24
  • 53
1
vote
2 answers

PCI DSS SAQ D for a small business with one employee

I'm trying to figure out how to properly fill in the PCI SAQ D compliance form for a startup business with only one owner/architect/developer/admin/QA/etc. - all of them are me alone. It's a web app for selling a particular intangible service. No card…
1
vote
1 answer

Making a VPS PCI Compliant

Apologies in advance as this question has been asked many times. This is my first time working with PCI and I have no idea where to start from. I have done a lot of reading but haven't managed to grasp the process. I have also gone through all of…
Jay Bhatt
  • 5,601
  • 5
  • 40
  • 62
1
vote
1 answer

Secure deallocation of boost::asio::const_buffer

For the purpose of PA-DSS I need to be sure that boost::asio::const_buffer (e.g. in boost::asio::async_write) will be zeroed when going out of scope. With STL containers I can substitute an allocator/deallocator like this: void…
blech
  • 63
  • 9
1
vote
2 answers

Post-Redirect-Get Model - Data Storage Methods & PCI Compliance

My question is on how to preserve data during the redirect when using the PRG Pattern on my forms. Specifically, I'm wanting to use this in an ecommerce application. I have three options of storing the data over the redirect, and I have concerns…
swt83
  • 2,001
  • 4
  • 25
  • 33
1
vote
1 answer

Iframe within iframe - Is there a direct connection? PCI-DSS q

Theory question please. Site 'A', contains an iframe to domain 'B', the html hosted on domain 'B' in turn has an iframe to domain 'C'. A user is browsing site 'A'. Do they have a direct connection to domain 'C' or is their connection via the iframe…
yeleek
  • 199
  • 3
  • 15
1
vote
3 answers

How do I legally become PCI compliant and use Stripe?

I'm new to PCI and would like to use Stripe as my payment gateway. They don't charge monthly fees, and have a good PHP system to send funds from site to Stripe. Right now I know I can allow customers to put in their card information, use Stripe's…
user2296112
  • 146
  • 1
  • 10