pci-scope – WindowsTechs.com

Would a domain registrar be considered a Service Provider for PCI compliance if it never touches its customer’s card holder data?

Posted on July 17, 2024 by Jordan Rieger

Hypothetical:

Company A accepts credit card payments and must be PCI compliant.
Company B provides domain registration (but not DNS or web hosting) services to Company A.
Some of these domains are used by Company A to accept credit card d… Continue reading Would a domain registrar be considered a Service Provider for PCI compliance if it never touches its customer’s card holder data?→

PCI-DSS Scope – How to determine client scope segmentation

Posted on July 11, 2024 by jtkline

We are a medium sized organization and use Payment Service Providers for all purchases, including credit card and non-credit card purchases. We get yearly audits and our internal payments platform is fully PCI SAQ-A EP compliant.
We are lo… Continue reading PCI-DSS Scope – How to determine client scope segmentation→

Ports open on jump server in CDE

Posted on August 14, 2022 by user30026

We placed a jump server in CDE to restrict the direct access to PCI in-scope devices (although I believe it should be outside CDE, please confirm)
Now, we have opened SQL ports 1433 and application ports from the jump server to the prod ho… Continue reading Ports open on jump server in CDE→

PCI – AOC applicable for Issuer bank? [closed]

Posted on April 5, 2022 by IPLondon

Does an Issuing bank require PCI AOC report?
AOC templates are only available for Merchants and Service providers.

Continue reading PCI – AOC applicable for Issuer bank? [closed]→

PCI DSS data transfer to an out-of-scope network [closed]

Posted on January 10, 2022 by Ton

Would I be breaching compliance if I process data that is extracted from a PCI DSS compliant environment for analysis?
There are 3 subnets:

Compliant subnet 1
Compliant subnet 2
Non-Compliant subnet 1

The PCI DSS data is on subnet 1 and … Continue reading PCI DSS data transfer to an out-of-scope network [closed]→

Are virtual credit cards in scope for PCI Compliance?

Posted on September 28, 2021 by elenaa

My company is using virtual credit cards and since we are PCI compliant (and want to be in the future) I was wondering about the requirements of storing/processing and transmitting PAN numbers of virtual credit cards.
E.g. As part of the b… Continue reading Are virtual credit cards in scope for PCI Compliance?→

PCI scope "Encrypted cardholder data that is accessible to an entity that also has access to the decryption key"

Posted on September 23, 2021 by Samuel

I have a question related to this FAQ:
https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/How-does-encrypted-cardholder-data-impact-PCI-DSS-scope?q=how+does+encrypted+data+impact+the+scope&l=en_US&fs=Search&… Continue reading PCI scope "Encrypted cardholder data that is accessible to an entity that also has access to the decryption key"→

Configure Spring application deployed in AWS Elastic Beanstalk to use SSL

Posted on June 1, 2021 by Peter Penzov

I deployed successfully Spring application into AWS Elastic Beanstalk which us going to be used as Rest endpoint by Angular app deployed into Cloudfront service. I want to encrypt the communication between Angular and Spring with SSL. What… Continue reading Configure Spring application deployed in AWS Elastic Beanstalk to use SSL→

What level of PCI compliance is required, and who is responsible for having it, where a white label app is involved?

Posted on May 18, 2021 by Gareth Smith

We have developed a mobile application that integrates with systems of record of our clients via a middleware application.
This application, amongst other things, can integrate with product systems and create a basket of goods.
Currently t… Continue reading What level of PCI compliance is required, and who is responsible for having it, where a white label app is involved?→

How does collecting sensitive data using iframes increase security?

Posted on April 22, 2021 by Acorn

So this approach seems to be rather popular, particularly among payment processors that provide javascript integrations.
The added layer of security that "fields in iframe" brings also supposedly reduces the level of PCI complian… Continue reading How does collecting sensitive data using iframes increase security?→