pci-scope – Page 4 – WindowsTechs.com

Outsourcing PCI data: Is this ok?

Posted on April 12, 2019 by elenaa

The organization I work for hold PCI-DSS compliance as merchants (we fill in SAQ-D). At the same time, due to document/payment verification processes, we request from our customers pictures of their credit/debit cards – of co… Continue reading Outsourcing PCI data: Is this ok?→

If only getting and storing BIN part of credit card number, should I comply with any PCI (or other) specification?

Posted on March 20, 2019 by Ran Wasserman

I have a fraud detection system.

From the client side (browser) I want to receive the store BIN section of the card number (first 6 digits) and if possible also the last 4 digits

Besides the above, I do not process or store… Continue reading If only getting and storing BIN part of credit card number, should I comply with any PCI (or other) specification?→

Does PCI DSS require manual pen test on company’s WIFI?

Posted on November 28, 2018 by Filopn

I was trying to understand if any manual pen testing is required if a company using WIFI security control (WIPS) and there are external and internal automatic security scanning done on the WIFI network.

Is manual pen test is… Continue reading Does PCI DSS require manual pen test on company’s WIFI?→

PCI Compliance and Security Policies

Posted on November 12, 2018 by user2091722

When writing our Security Policies I get to the Change Management and for our website, we loosely follow a change management process but for our internal use only applications, we do not. That is not to say we will not ever b… Continue reading PCI Compliance and Security Policies→

Are there any PCI iFrame API or framework services? [on hold]

Posted on August 24, 2018 by user3505886

I am using Infusionsoft to process credit card orders. Unfortunately they don’t offer a PCI SAQ-A compliant way to process orders on our own website.

All they offer is a server-side based API to add cards, which requires me … Continue reading Are there any PCI iFrame API or framework services? [on hold]→

Outlook OST files being caught in PCI DSS DLP scanning

Posted on April 13, 2018 by Mario Silva

End user computing DLP scans in my company have brought to the fore a listing of outlook OST files for multiple users. Users can only send mails internally.

Now I am assuming that these users have in some way or form communi… Continue reading Outlook OST files being caught in PCI DSS DLP scanning→

Emailing PAN securely?

Posted on March 6, 2018 by Tboe

Has anyone successfully implemented a PCI approved method of emailing PAN data? I know there are concerns managing all the PCI requirements in an email solution but is there anyone that has actually satisfied all PCI 3.2 requ… Continue reading Emailing PAN securely?→

PCI DSS PenetrationTesting Requirement 11.3.4

Posted on March 6, 2018 by li_greeny

I’m fairly new to PCI DSS and I’m confused over the requirement to perform pen-testing as per 11.3.4. as it states:-

Are penetration-testing procedures defined to test all segmentation
methods, to confirm they are opera… Continue reading PCI DSS PenetrationTesting Requirement 11.3.4→

PCI compliance for bank card system

Posted on February 27, 2018 by user1563721

There is a bank who has internal system working with card data preparation, generating PANs, and finally preparing personalization files that are sent to third party card manufacturer.

The bank can see in their internal syst… Continue reading PCI compliance for bank card system→

When to complete PCI DSS Compliance Paperwork

Posted on February 7, 2018 by pingo

I am working for a startup that will soon begin processing payments with Stripe.

Looking at their documentation, it seems we will have to file an SAQ A, SAQ A-EP, or an SAQ D depending on our integration method.

How soon wi… Continue reading When to complete PCI DSS Compliance Paperwork→