PCI DSS – Page 5 – WindowsTechs.com

How do companies like Uber and Paypal store card details? Is it possible to offer PCI compliance whilst saving credit card details locally?

Posted on April 21, 2022 by pma07pg

I know there’s a question that’s been already asked but it’s a decade old so wanted to get an up to date answer…
It’s mentioned quite often that the CVV number should never be stored, but this must be the case for companies where frictio… Continue reading How do companies like Uber and Paypal store card details? Is it possible to offer PCI compliance whilst saving credit card details locally?→

PCI – AOC applicable for Issuer bank? [closed]

Posted on April 5, 2022 by IPLondon

Does an Issuing bank require PCI AOC report?
AOC templates are only available for Merchants and Service providers.

Continue reading PCI – AOC applicable for Issuer bank? [closed]→

PCI Card Number Definition

Posted on April 4, 2022 by Missy

We are using a truncation strategy to eliminate card numbers. In order to develop, I need the original pre-truncated data files. The test environment is not allowed to have live card numbers. I wrote a program that basically obfusc… Continue reading PCI Card Number Definition→

How to check validity of a PCI DSS Attestation of Compliance certificate?

Posted on March 25, 2022 by user1713059

I’ve been sent a certificate of compliance with PCI DSS (v. 3.2.1) in the form of a PDF. In it company A (issuer) claims that company B passed a formal assessment and is a level 2 merchant.
What options do I have to be more or less convinc… Continue reading How to check validity of a PCI DSS Attestation of Compliance certificate?→

DCP-Portal Vulnerability

Posted on March 9, 2022 by user1996

This vulnerability is from a third party reviewer for PCI scans. I am stuck for months and can’t figure this out. I already used sanitation to my page and it still fail the PCI scanning. I am starting to think that this is not a code relat… Continue reading DCP-Portal Vulnerability→

Does "row-level security" actually serve a security purpose?

Posted on February 13, 2022 by loopbackbee

Row-level security is often an industry requirement in secure environments, such as those dealing with payment cards.
It’s supported by most major relational databases, including PostgreSQL, Microsoft SQL Server and Oracle. It works by int… Continue reading Does "row-level security" actually serve a security purpose?→

Encrypting card data at application layer over TLS (MasterCard)

Posted on January 14, 2022 by CyberSrikanth

I found an article from MasterCard’s blog stating:

The transport between client applications and Mastercard is secured
using TLS/SSL, which means data are encrypted by default when
transmitted across networks.
In addition to that, some of… Continue reading Encrypting card data at application layer over TLS (MasterCard)→

PCI DSS data transfer to an out-of-scope network [closed]

Posted on January 10, 2022 by Ton

Would I be breaching compliance if I process data that is extracted from a PCI DSS compliant environment for analysis?
There are 3 subnets:

Compliant subnet 1
Compliant subnet 2
Non-Compliant subnet 1

The PCI DSS data is on subnet 1 and … Continue reading PCI DSS data transfer to an out-of-scope network [closed]→

VM Hosting requirement for a Virtual Terminal application in SAQ-C-VT

Posted on January 7, 2022 by Paul S. Lee

We are a merchant that do exclusively MOTO transactions over the phone. To capture credit card information, our sales agent (on their PCs) uses a browser to access an internally developed ASP.NET application which serves as a Virtual Term… Continue reading VM Hosting requirement for a Virtual Terminal application in SAQ-C-VT→

How healthcare providers handle safeguards to protect payment and PII

Posted on December 15, 2021 by Help Net Security

Semafone released a survey which aimed to identify the underlying consumer sentiment on payment experiences with their healthcare providers. Over the last 20+ months, the healthcare system has endured significant challenges and turbulence as a result o… Continue reading How healthcare providers handle safeguards to protect payment and PII→