Questions tagged [pci-dss]

The Payment Card Industry Data Security Standard is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC).

The PCI-DSS applies whenever an organisation stores, processes or transmits payment card data. Payment cards are Visa, MasterCard, JCB, American Express and Diners International branded cards. Compliance with PCI-DSS is measured either by a self-assessment for small organisations or through an on-site assessment by a QSA for larger organisations. The size cut-offs are determined by the card schemes and are based on the number of transactions an organisation is involved with. Associated standards are PA-DSS and PTS-DSS, for payment applications and PIN transaction security respectively. All of these standards are set and maintained by the PCI Security Standards Council. Compliance with the standards is mandated by the various card schemes but is communicated through acquiring banks or other parties. Failure to comply with PCI-DSS can result in fines or other sanctions.

Latest version of the PCI DSS standard: PCI DSS 3.2.1

211 questions
1 vote, 2 answers

Why does a file need to be renamed 30 times before deletion?

I have been reviewing a number of applications for securely deleting files. I understand the concepts of overwriting the file several times with zeros and random characters; however, I don't understand the concept of renaming the file up to thirty…
Brennan Mann
  • 1,467
  • 2
  • 17
  • 26
1 vote, 2 answers

CVE-2011-1092 on Centos / PCI DSS compliance

A security scan of a client's site flagged up the fact that, since they were running PHP 5.3.3, they were vulnerable to CVE-2011-1092 (fixed in 5.3.6 and above). Normally I'd say that backporting would have dealt with this, as their PHP has been…
Giles Bennett
  • 1,509
  • 1
  • 12
  • 15
1 vote, 1 answer

PCI DSS security - SRED protection

I have a simple question... Using PCI PTS 3.0 hardware that secures sensitive data with the SRED procedure with DUKPT double-length TDES keys. Is the resulting encrypted data SAFE? Let's say, would it be considered safe if you would send it over…
Lonko
  • 389
  • 9
  • 25
1 vote, 3 answers

Software and Security - do you follow specific guidelines?

As part of a PCI-DSS audit we are looking into improving our coding standards in the area of security, with a view to ensuring that all developers understand the importance of this area. How do you approach this topic within your…
Richard Ev
  • 52,939
  • 59
  • 191
  • 278
1 vote, 1 answer

PCIDSS masking bank account number

I am just curious, does the PCIDSS regulation require us to mask the bank account number? I know that credit card numbers need to be masked, but how about bank account numbers? Thanks for the answer in advance.
danial
  • 607
  • 2
  • 12
  • 20
1 vote, 2 answers

How do I get a friendly error page to replace the asp.net error page for url "WEB-INF./web.xml"?

This URL is part of a PCI compliance scan and it is flagging the very sparse ASP.NET error page returned, which on the live site is a 500 status code and the text "Server Error in '/' Application. Runtime Error Description: An exception occurred…"
quentin-starin
  • 26,121
  • 7
  • 68
  • 86
1 vote, 2 answers

Is it possible to create an automatic payment solution with varying sums?

There are many payment processors that handle recurring payments and subscriptions with a fixed amount for each time period. I am looking to implement a solution similar to Google Apps or Amazon AWS where you are instead automatically billed a…
1 vote, 4 answers

Is there any way instead of a JS hack where I can post from an iframe to another page outside the iframe?

Is there any way instead of a JS hack where I can post from an iframe to another page outside the iframe? The iframe is posting data to a 3rd party and then just responding back with a URL which is the redirection URL, thus we cannot set the form…
Murtaza Mandvi
  • 10,708
  • 23
  • 74
  • 109
1 vote, 1 answer

Third Party Store Credit Card Info?

Does anyone know a third party that will store credit card and/or ACH information in a PCI compliant manner, so that it can be viewed and then manually processed? I've looked at stripe.com but it looks like it tokenizes card data and I can't retrieve…
JREAM
  • 5,741
  • 11
  • 46
  • 84
1 vote, 2 answers

Storing Debit Card Information for Online Use

If I need to store Debit Card information, what fields will have to be stored? For example, with Credit Cards the fields are: Card Number, Expiration month/year, Cardholder's Name, Zip (sometimes), CCV (sometimes). What about for Debit Cards? Do I need…
700 Software
  • 85,281
  • 83
  • 234
  • 341
1 vote, 2 answers

Credit Card - How Unique is First6,Last4, expMonth & expYear

I'm building a manager class with PHP to manage credit card payment authorizations. With credit cards, we're allowed to keep First6, last4, expiration_Month and expiration_Year. I'm really interested in knowing how unique the combination of these 4…
JustinP
  • 1,351
  • 1
  • 14
  • 29
1 vote, 3 answers

Are subdomains covered under PCI?

I have been asked to set up some registration forms for clients that will take payments, similar to this site (https://www.martialartstechnologies.com/register?tournamentID=82). I am a reseller for Authorize.net, but I find it hard to sign clients…
satori
  • 51
  • 1
  • 2
1 vote, 1 answer

How to prevent code injection windows server 2008 R2 .aspx

I look after a site that needs to comply with PCI guidelines. After a lot of work some time ago it finally passed the PCI security check. Recently it's started failing again. I suspect this is because of new tests added to the security check. What…
1 vote, 1 answer

PCI-DSS 1.3.3/1.3.5, restricting outbound access from DMZ to Internet

We are in the process of obtaining a PCI Level 1 and I'd really appreciate it if anyone can help shed some light on the PCI-DSS 1.3.3 & 1.3.5 requirements, which state: 1.3.3 - "Do not allow any direct routes inbound or outbound for traffic between…
Jae Lee
  • 445
  • 1
  • 4
  • 16
1 vote, 4 answers

Change passwords every 90 days for ASP.Net to help PCIDSS

I'm completing the PCIDSS assessment. The requirements state passwords must be changed at least every 90 days, and be different from any of the previous 4 passwords. I'm not certain whether this is for access to the server, or to the application I…
Mark
  • 7,778
  • 24
  • 89
  • 147