We’re trying to comply with the Payment Card Industry’s PCI DSS requirements. We have a home-grown ERP system running on an IBM iSeries computer that stores and processes credit cards taken over the phone and by mail. We also have a website hosted on another iSeries computer. The site uses a Websphere Commerce v. 6 application to accept and process credit cards. The Websphere Commerce application feeds information about credit card transactions to the back-end ERP system.
There’s lots of information out there about how to achieve compliance, but none of it is clear and much of it is contradictory. The result, for us, is paralyzing confusion. But we really want to comply and we intend to take action. It’s just that we’d prefer to have a direction to move in rather than dashing off madly in all directions at once.
We’d love to hear from anyone who works with a similar environment and who has achieved the holy grail of PCI compliance, or who is trying to comply, or who has even thought about it. Independent consultants with real expertise in this area would be welcome as would other IT departments engaged in the same struggle.
Any and all advice will be greatly appreciated.
August 22, 2008 12:43 PM
November 12, 2009 8:27 PM