Collaborate Disseminate
If I have VPC which is in-scope (the “PCI VPC”) and another which is not (the “NON-PCI VPC”), would peering them bring the non-pci vpc in-scope? Is there a way to avoid this?
I have an aurora RDS inside the PCI VPC. It does … Continue reading PCI compliance with multiple AWS VPCs
Ok, so we do not store any cardholder data so I get confused by these questions.
“Is all access to any database containing cardholder data (including access by applications, administrators, and all other users) restricted a… Continue reading Account Security Cardholder data
So we converted our website from an internally created site to a Magento Cloud environment. In the process, we had to change how we handle credit cards.
We used to redirect the user to the payment processor’s site to comple… Continue reading Platform Change
I am currently working for an Org which provide access to third parties to issue Credit Cards to their customer.
We act as a supplier to these third parties for credit card services.
My Question is, these third party c… Continue reading PCI Compliance Self Assessment Verification – Third Parties
Requirement 10 states: Track and monitor all access to network resources and card holder data
I find this a little vague and I have two questions.
If I don’t store card holder data – do I just need to monitor access to networking resourc… Continue reading Does PCI-DSS requirement 10 ("track and monitor all access to … card holder data") apply if I am not storing card holder data?
I was reading this paper
https://d1.awsstatic.com/whitepapers/pci-dss-scoping-on-aws.pdf
It shows this image
Am I correct in saying that – as long as instances have proper security groups that restrict connectivity, it will remove the… Continue reading Are AWS security groups enough to segment network and reduce PCI scope?
My system is passed card data securely over HTTPS from an upstream system. The upstream system captures information via telephone input. This telephone input is sent to us, to invoke payments via Paycorp’s API (Paycorp is PCI… Continue reading Which self assessment questionairre should I use for PCI DSS compliance
I need to make payments on behalf of clients to 3rd parties. This means I need to actually see the credit card details to input them into the 3rd parties’ online payment facilities. What is the simplest way to collect and sto… Continue reading Collect Visible Credit Card Details & Remain PCI Compliant? [on hold]
Even though the web site never sees the cardholder data or sensitive authentication data in the clear, and never has access to the encryption keys, I would think the web site is in-scope because it could affect the security of the data. I… Continue reading Is web site in-scope for PCI even though it redirects to a 3rd-party for card transaction?
I am trying to find out if a credit card application would be in-scope for PCI DSS. As part of the application process, customers can submit their credit card number (PAN) from another institution. No other data is captured f… Continue reading Does PCI Apply to PAN only?