• Should I worry about my POS system terminal for PCI compliance?

    I've been getting into PCI DSS lately (because my organization asked me too). Our company accepts payments using a POS terminal that's connected to the Internet though the office LAN. Our terminal isn't integrated with any payment processing apps, just paper receipts. Should I worry about PCI...

    ITKE1,027,095 pointsBadges:
  • PCI DSS: Enforce password management for ASP.NET

    I've been working on our PCI DSS assessment. I already know that passwords must be changed every 90 days / different than previous passwords. But I'm not sure if this is for access to the server or to the app we provide to users on the server. If it's the second part, can we enforce this in ASP.NET...

    ITKE1,027,095 pointsBadges:
  • Desktop application in line with PCI compliance

    We currently have a payment processing client that's running on a desktop. Our operator enters the data and clicks a button (which the app sends the data to the payment gateway through a secure channel). Our app doesn't store sensitive data. It does encrypt and save a user's login information. Is...

    ITKE1,027,095 pointsBadges:
  • Is there a non-US PCI compliant service that stores credit card info?

    We're working on a website that would allow our users to pay with their credit cards. We're outside of the country so we can't use a normal merchant account (like Braintree). Does anyone happen to know of a credit card service that would allow us to store credit card info and access them through an...

    ITKE1,027,095 pointsBadges:
  • Storing a shipping address for PCI compliance

    From what I understand, storing a shipping address would be okay for PCI compliance right? Do configuration standards include requirements for a firewall at each Internet connection? Is there a process for approving and testing all external network connections? I'm leaning towards no but I need to...

    ITKE1,027,095 pointsBadges:
  • Upgrade PHP version in Magento for PCI compliance

    Over the past week, I've been trying to get PCI compliance for our dedicated server, which is a Red Hat Enterprise Linux (and that's running Magento). When we first installed it on the server, the RHEL version that comes with a PHP version which is too old for Magento. But our PCI compliance scan...

    ITKE1,027,095 pointsBadges:
  • Encrypt SQL Server 2008 database for PCI compliance

    I'm pretty new to PCI compliance and from what I understand I need to secure a person's credit card info, expiration date and the card holder's name. There's not going to be storage of security codes ever. So in my SQL Server 2008 database, I would need to encrypt these 3 columns? Also, do I need...

    ITKE1,027,095 pointsBadges:
  • How to use payment gateway integration to avoid PCI compliance

    My client has an e-commerce which accepts payments through a payment gateway integration that transfers the control to payment gateways. But it knows that it needs to be PCI compliant for accepting credit card information. Instead, could our client use stripe payment gateway / integration that it...

    ITKE1,027,095 pointsBadges:
  • Configure Apache settings for PCI compliance

    For the past few weeks, I've been trying to make my server PCI compliant. I need to remove the INode from an Apache ETag header. So I made this change: <Directory "/var/www/html"> Options FollowSymLinks AllowOverride None Order allow,deny Allow from all FileETag MTime Size But now I'm getting...

    ITKE1,027,095 pointsBadges:
  • Cross-site scripting issue for PCI compliance

    For one of our client's websites, they're trying to pass PCI compliance test but the testing company notified us of a vulnerability that we can't figure out. Here's what they told us: The issue here is a cross-site scripting vulnerability that is commonly associated with e-commerce applications....

    ITKE1,027,095 pointsBadges:
  • Will IIS 7 automatically use SSL 3.0?

    We're running a Windows Server 2008 with IIS 7. I need to use SSL 3.0 for our PCI compliance but from what I was told, we should disable SSL 2.0. But if I need to do this, will IIS automatically use SSL 3.0? Thanks!

    ITKE1,027,095 pointsBadges:
  • PCI compliance failure with latest OS X version

    I recently just upgraded to the latest OS X version and our compliance scan tells us that these OS-installed components are causing security vulnerabilities. It says MySQL and PHP are vulnerabilities. Not sure what I should do here. Can anyone help me out?

    ITKE1,027,095 pointsBadges:
  • Edit MSS Group Policy settings on Windows Server 2012 for PCI Compliance

    At my job, we go through a checklist on our Windows Server 2008 for PCI compliance. There's a ton of Group Policy, Registry and other settings that I need to confirm for security best practices. We this see this, however: The system should be configured to disallow IP Source Routing, ICMP...

    ITKE1,027,095 pointsBadges:
  • Best solution for PCI DSS compliance

    We're currently comparing solutions for PCI DSS compliance including: Splunk, RSA enVision, ArcSight, etc. But we're not sure what to do with. Has anyone had any experience with these programs? Our PCI system is a small segmented network with 5 hosts and our machines will be running Linux. Thanks!

    ITKE1,027,095 pointsBadges:
  • SQL Server rotation of keys for PCI compliance

    I understand that PCI compliance requires annual rotation of keys. So, I have 16 databases across 3 servers (with multiple tables in each database). And it's going to get bigger. If I did this manually, it would make my data unreadable. Is there a software to do this?

    ITKE1,027,095 pointsBadges:
  • What’s a good open source static source code analysis tool?

    My department needs an open source static source code analysis tool that's going to be used for security testing on an Android app. We need to make sure the app is PCI compliant. Anyone know of a software that we can use for this?

    ITKE1,027,095 pointsBadges:
  • Should we turn off expose_php off for PCI compliance?

    We have been told by one of our clients that having expose_php = on in our php.ini is a big security issue and not PCI compliant. But we did some research that it's low risk. Does anyone know if this is a major problem? Thanks!

    ITKE1,027,095 pointsBadges:
  • What credit card info can I store while being PCI compliant?

    Would anyone happen to know what credit card information I'm allowed to store while still being PCI compliant if I'm relying on braintree for payment processing? Are we allowed to store this information: Last 4 digits of credit cards Card type Cardholder name Thanks!

    ITKE1,027,095 pointsBadges:
  • How to secure CFID for PCI compliance

    For the past few weeks, our PCI scans keep failing because ColdFusion has predictable CFIDs. This is what we get as the failure: Predictable Cookie Session IDs. Our CFID is still predictable and unaffected by any changes in CF Admin. We don't understand why it's a threat but we have to fix it. What...

    ITKE1,027,095 pointsBadges:
  • Apache configuration to become PCI compliant

    For Apache, we need to make sure of PCI compliance by limiting mod_ssl to SSLv3 and TLSv1 (and also ensuring long keys). We've tried the below configuration but combos of the SSLv2 are still valid. SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM Is there a way completely disable the...

    ITKE1,027,095 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following