Questions tagged [pci-compliance]

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit cardholder data (credit or debit card account data) maintain a secure environment.

Merchants and service providers are not "certified by PCI"; they validate their own compliance, either by a Self-Assessment Questionnaire (SAQ) or an on-site assessment by a Qualified Security Assessor (QSA), depending on transaction volume and the card brands' rules, and report it to their acquiring bank. Payment application vendors had a separate validation program (PA-DSS, retired in 2022 in favour of the PCI Software Security Framework). If any customer of an organization ever pays the organization/merchant directly using a credit card or debit card, then the PCI DSS requirements apply; handing the card data to a third party (hosted payment page, tokenized card fields) reduces the scope that must be validated but does not remove the obligation.

The Standard can be found on the PCI SSC's Website:
https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml

314 questions
38 votes, 3 answers

Saving credit card information in MySQL database?

I want to allow my customer users to enter their credit card information so that I can charge them every month. I wonder how one should save this information? Should it be saved in the MySQL database ("user" table) or is this kind of information too…
never_had_a_name
37 votes, 4 answers

Turning expose_php OFF in php.ini

I have been advised that having expose_php = On in my php.ini is a security issue and is, therefore, not PCI compliant. My research on it so far suggests that turning it off is low risk and will essentially stop sending back the PHP version in the…
crmpicco
31 votes, 3 answers

Storing Credit Card Number - PCI?

What are the PCI rules to follow for storing credit card numbers in a database? 1) Is this allowed? 2) If so, what rules do we have to follow? I'm looking at this site https://www.pcisecuritystandards.org/security_standards/index.php which document…
001
23 votes, 3 answers

What can I store locally while still being PCI Compliant using Braintree in Rails?

What credit card information am I allowed to store while still being PCI compliant if I am relying on braintree for payment processing? The reason I am asking is because, as a simple optimization, if a customer has already bought something from my…
Lance Pollard
19 votes, 2 answers

Upgrade openssh on OS X with homebrew for PCI compliance

The existing version of openssh on OS X 10.7.4 is SSH-2.0-OpenSSH_5.6, which is not, unfortunately, PCI Compliant. So, I need to upgrade it and I have been trying to do so with Homebrew. So far, what I've done is: brew tap homebrew/dupes brew…
leggo-my-eggo
17 votes, 6 answers

Please provide an Apache SSLCipherSuite that will pass a PCI Compliance Scan

I'm trying to get a Fedora 14 server running Apache 2.2.17 to pass a PCI-DSS compliance scan by McAfee ScanAlert. My first attempt using the default SSLCipherSuite and SSLProtocol directives set in ssl.conf... SSLProtocol ALL…
Night Owl
14 votes, 4 answers

Where to start with PCI-DSS in a mobile app?

We’re developing a mobile app (iOS and Android) for a client which has its own payment processing solution. The app is public-facing, and will be used by individual consumers on their own phones. The app has to interface with the payment processing…
Fanjita
13 votes, 4 answers

Best practices for (symmetric) encryption in .Net?

What is considered "best practice" for encrypting certain sensitive or personally identifiable data in a SQL database (under PCI, HIPAA, or other applicable compliance standards)? There are many questions here regarding individual aspects of a…
cdonner
11 votes, 6 answers

Upgrade OpenSSH 7.2p on Ubuntu 14.04

I have a server running Ubuntu 14.04, but I have an issue with PCI requirements. I have installed in my server OpenSSH 6.6p1, then I upgraded it to OpenSSH 7.2p, compiling the code with make and make install directly from repositories from OpenSSH,…
11 votes, 4 answers

SSL and Outdated TLS(1.0 and 1.1) for Web Service client application on .Net 3.5

As per PCI, we need to stop using SSL and TLS (1.0 and 1.1 in certain implementations) from June 30th 2016 as per http://blog.securitymetrics.com/2015/04/pci-3-1-ssl-and-tls.html We have a client application built on .Net 3.5 which uses…
Nirlep
11 votes, 1 answer

What is apache autoindex and should I disable it?

I have a 3rd party client who did a PCI scan on their site. The report returned this: web server autoindex enabled What is this and is it safe to disable it? Does anyone know the safest way to disable it, and how I can check it has been disabled?
symlink
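Two of the scan findings in the questions above, the Apache 2.2 "SSLCipherSuite that will pass a PCI Compliance Scan" question and the "web server autoindex enabled" question, come down to a handful of mod_ssl and core directives. The fragment below is an added example, not configuration taken from either post: the permissive settings a PCI ASV scan flags are shown commented out, followed by a hardened vhost. It assumes httpd 2.2.24 or later (or 2.4) built against OpenSSL 1.0.1 or later, which is what the TLSv1.1/TLSv1.2 tokens and SSLCompression need; on the 2.2.17 build in the question, removing TLSv1 would leave no protocol enabled, so the httpd/OpenSSL upgrade has to come first. The server name, paths and the "before" cipher list are placeholders constructed for illustration.

```apache
# --- Before: what the scanner flags (constructed illustration) -----------
# SSLProtocol ALL
#     enables SSLv2/SSLv3/TLSv1.0, all of which fail a PCI DSS 3.1+ ASV scan
# SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
#     a permissive list in the style of the old stock ssl.conf: RC4, 3DES,
#     LOW and export-grade suites are all still offered to the client
# <Directory "/var/www/html">
#     Options Indexes FollowSymLinks
#         "Indexes" lets mod_autoindex list any directory without an index file
# </Directory>

# --- After: hardened vhost --------------------------------------------------
<VirtualHost *:443>
    ServerName   shop.example.com                 # placeholder
    DocumentRoot "/var/www/html"                  # placeholder

    SSLEngine on
    # TLS 1.2 only (on httpd 2.4.36+/OpenSSL 1.1.1 "all" also brings in TLS 1.3).
    # "-SSLv2" is a harmless no-op on builds whose OpenSSL has no SSLv2 at all.
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    # Forward-secret AEAD suites only: no RC4, 3DES, NULL, export or anonymous DH.
    # Names the local OpenSSL does not know (e.g. CHACHA20 on 1.0.x) are ignored.
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    # Server order wins, so a client preferring a weaker suite cannot pick it.
    SSLHonorCipherOrder on
    # TLS compression enables CRIME; directive exists from 2.2.24 / 2.4.3.
    SSLCompression off

    SSLCertificateFile    "/etc/pki/tls/certs/shop.example.com.crt"    # placeholder
    SSLCertificateKeyFile "/etc/pki/tls/private/shop.example.com.key"  # placeholder

    <Directory "/var/www/html">
        # "-Indexes" turns directory listing off: a request for a directory with
        # no index file now gets 403 instead of an "Index of /..." page.
        Options -Indexes +FollowSymLinks
        AllowOverride None
    </Directory>
</VirtualHost>
```

Check it the way the scanner will: after `apachectl configtest` and a reload, `openssl s_client -connect shop.example.com:443 -tls1` must fail the handshake while `-tls1_2` succeeds, and `curl -sI https://shop.example.com/images/` (any directory without an index file) must return 403 rather than a 200 page whose body starts with "Index of". The related expose_php finding is a php.ini setting (`expose_php = Off`), not an httpd one; the check there is that the `X-Powered-By: PHP/x.y.z` header disappears from the same `curl -sI` output.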
9 votes, 5 answers

PCI Compliance and Ajax

I have this idea, but I am unsure if it is PCI compliant. I'm new to the arena of PCI compliance and am curious to know if this scenario violates PCI. So, let's set up the scenario. Company A is PCI compliant and has a web service on https…
Josh
8 votes, 1 answer

Braintree Hosted Fields Example

I am trying to get my head round the Hosted Fields framework of Braintree. It has been released just a few days ago and is still in beta. I looked at the docs. I'm getting the overall idea but it would be nice to have some sort of small working…
Nick
8 votes, 3 answers

Retail point of sale credit card processing - card present. Minimizing PCI compliance requirements

I am writing a point of sale application for a client who has some very specific needs. The client is a retail store, so when they process credit cards, they have a physical card present and can swipe it. The way it is now, at the end of check out,…
8 votes, 5 answers

Hosting a PCI compliant app on Azure

I want to host an application on Windows Azure that stores the credit card information of users who pay to buy subscriptions for a monthly fee. I'd just have to store the card data as securely as possible (encrypt, salt, update database password…
Mark13426