Questions tagged [pci-dss]

The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC).

The PCI DSS applies whenever an organisation stores, processes or transmits payment card data. Payment cards are Visa, MasterCard, JCB, American Express and Diners International branded cards. Compliance with PCI DSS is measured either by a self-assessment for small organisations or through an on-site assessment by a Qualified Security Assessor (QSA) for larger organisations. The size cut-offs are determined by the card schemes and are based on the number of transactions that an organisation is involved with. Associated standards are PA-DSS and PTS-DSS, covering payment applications and PIN transaction security respectively. All of these standards are set and maintained by the PCI Security Standards Council. Compliance with the standards is mandated by the various card schemes but is communicated through acquiring banks or other parties. Failure to comply with PCI DSS can result in fines or other sanctions.

Latest version of the PCI DSS: 3.2.1

202 questions
259 votes, 9 answers

Payment Processors - What do I need to know if I want to accept credit cards on my website?

This question talks about different payment processors and what they cost, but I'm looking for the answer to what do I need to do if I want to accept credit card payments? Assume I need to store credit card numbers for customers, so that the obvious…
Michael Pryor
49 votes, 10 answers

Storing credit card details

I have a business requirement that forces me to store a customer's full credit card details (number, name, expiry date, CVV2) for a short period of time. Rationale: If a customer calls to order a product and their credit card is declined on the spot…
Andrew
49 votes, 2 answers

How to properly do private key management

Has anyone got practical experience or a reference for a scheme that implements a key management scheme that would comply with the PCI DSS security standard? There are obviously quite a few implementations around given the number of companies…
sipsorcery
38 votes, 3 answers

Saving credit card information in MySQL database?

I want to allow my customer users to enter their credit card information so that I can charge them every month. I wonder how one should save this information? Should it be saved in the MySQL database ("user" table) or is this kind of information too…
never_had_a_name
31 votes, 3 answers

Storing Credit Card Number - PCI?

What are the PCI rules to follow for storing credit card numbers in a database? 1) Is this allowed? 2) If so, what rules do we have to follow? I'm looking at this site https://www.pcisecuritystandards.org/security_standards/index.php which document…
001
23 votes, 6 answers

Online Credit Card Storage?

I am about to inherit and work on a small business retail website that is very poorly designed. Among other things, the greatest concern is with the current credit card processing. Currently, the owner retrieves credit card information (name,…
Stephen Watkins
21 votes, 7 answers

Storing partial credit card numbers

Possible Duplicates: "Best practices for taking and storing credit card information with PHP", "Storing credit card details", "Storing Credit Card Information". I need to store credit card numbers within an e-commerce site. I don't intend on storing the…
Joel
17 votes, 6 answers

Please provide an Apache SSLCipherSuite that will pass a PCI Compliance Scan

I'm trying to get a Fedora 14 server running Apache 2.2.17 to pass a PCI-DSS compliance scan by McAfee ScanAlert. My first attempt using the default SSLCipherSuite and SSLProtocol directives set in ssl.conf... SSLProtocol ALL…
Night Owl
16 votes, 7 answers

Is SQL Azure PCI-DSS Compliant?

If I were to use separate Windows Server that was PCI-DSS compliant, would I still be compliant if I had a SQL Azure hosting the backend? This is assuming that I'm compliant at the application layer, and that I'm only storing permitted values (like…
jchapa
14 votes, 4 answers

Where to start with PCI-DSS in a mobile app?

We’re developing a mobile app (iOS and Android) for a client which has its own payment processing solution. The app is public-facing, and will be used by individual consumers on their own phones. The app has to interface with the payment processing…
Fanjita
9 votes, 2 answers

How to take credit cards online for future payments?

I have a couple of clients that want to take credit card details on their website that they can then bill in the future (one runs courses and users are only billed 4 weeks before their course if they haven't cancelled and one runs a charity and each…
deshg
9 votes, 4 answers

How is 'processing credit card data' defined (PCI)?

If I have a web application and I receive credit card data transmitted via a POST request by a web browser over HTTPS and instantly open a socket (SSL) to a remote PCI compliant card processor to forward the data and wait for a response, am I…
Chris
8 votes, 3 answers

Storing Credit Card Info

So I know there have been numerous posts about storing credit card information. We are building a mobile application and want people to be able to enter in their card information once, not with each purchase. We looked at Authorize.net CIM, and it…
Nick
8 votes, 4 answers

Is it necessary to clean up stack contents?

We are under a PCI PA-DSS certification and one of its requirements is to avoid writing clean PAN (card number) to disk. The application is not writing such information to disk, but if the operating system (Windows, in this case) needs to swap, the…
Juliano
8 votes, 6 answers

Is it possible to POST/GET data to a TLSv1.1+ secured site without curl and wget?

I am in this very unfortunate situation: my website is using outdated software (security patches are applied) with OpenSSL 0.9.8o 01 Jun 2010, which doesn't support TLSv1.1/1.2. I also have a payment gateway which is PCI DSS compliant, therefore SSL and…
Peter