• Does temporary storage of credit card info meet PCI DSS requirements?

    For our department, we need to make sure that our temporary storage of our user's credit card information meets PCI DSS requirements. We have to make sure that deletion is compliant DoD's security standards. We thought about using MySQL but we're not sure about the reliability. What should we do?

    ITKE440,595 pointsBadges:
  • Secure credit card information for PCI compliance

    Does anyone know if there's a company / software that offers to store data (particularly credit card information securely) in exchange for a token? Also, can we view the data by using authentication and providing a token back to them? That should be enough for PCI compliance, right? Thanks!

    ITKE440,595 pointsBadges:
  • How to purge database records for PCI compliance

    I have to store some credit card information. To be compliant with PCI DSS, we need to purge the data from our disks by not just deleting the file but writing over the bytes with a random sequence of data (because that would make it harder to recover the data). We would still like to leverage a...

    ITKE440,595 pointsBadges:
  • PCI compliance: Recommended encryption key management

    This question is in reference to PCI compliance. Does anyone know of any recommended encryption key management software? Would ezNCrypt be good to use? Thanks so much.

    ITKE440,595 pointsBadges:
  • Authenticate database for PCI compliance

    We have a PCI compliant website that connects to a database but doesn't store any users' info. However, it does contain HTML / JavaScript snippets that might get rendered into the payment process. Here's my question: Do we have to authenticate the database to remain PCI compliant? Thanks!

    ITKE440,595 pointsBadges:
  • PCI compliance: Password field is present

    We currently have a huge problem with our PCI compliance. According to them, they want us to add http:// on every single page where a password field is present. Here's what my form in index.php looks like: What should we do here?

    ITKE440,595 pointsBadges:
  • Remote SMTP server is vulnerable to a buffer overflow – Failed PCI compliance

    Hello everyone, My department tried allowing the scanners IP to be accepted through IPTABLES into our SMTP port, but the scan keeps failing. Here's what we're getting: The remote SMTP server is vulnerable to a buffer overflow The server isn't crashing. We white listed the IP but we're still getting...

    ITKE440,595 pointsBadges:
  • What’s the best PCI compliant host?

    Currently, I'm using 1and1 hosting and I've been pretty impressed with the level of support so far (it's easy to use their admin panel). But now, I'm moving into e-commerce. But in order to process any credit cards, using PayPal, we need to be PCI compliant host. What would be the best option for...

    ITKE440,595 pointsBadges:
  • PCI compliance fail: SSL certificate cannot be trusted

    Our server is a CentOS box with a LAMP stack running. But we just had a PCI scan list this as a fail: SSL Certificate Cannot Be Trusted https (443/tcp) Severity: Medium Notes: none But we actually don't have a SSL certificate (we don't attempt to use it either). Should we just close port 443....

    ITKE440,595 pointsBadges:
  • PCI compliance failure: 403 and 404 errors

    In a recent scan done by our PCI compliance testers, we recently failed a PCI test. Here's what it said: Configure the HTTP server to specify the same error documents for both 403 (Forbidden) and 404 (Page Not Found) responses. The site is running on a drupal installation and our drupal .HTAccess...

    ITKE440,595 pointsBadges:
  • CentOS: Filter incoming traffic for PCI compliance

    I'm currently using CentOS and my friend recommended to me that, for PCI compliance, I filter incoming traffic to an UDP port. What's the best way to do this? Thank you so much.

    ITKE440,595 pointsBadges:
  • How to make a virtualization server that’s running Xen PCI compliant?

    We have a server that's running Xen with HVM and we need to make one of our VMs PCI compliant. We've already read the PCI virtualization guide and it says that we need to make sure there's no information leakage between VMs. Is there a way to make sure each OS is unable to intercept data from other...

    ITKE440,595 pointsBadges:
  • How can I be PCI compliant?

    My friend and I are developing a financial software, in turn connect it to a third party credit card company (which would be PCI compliant). As of today, we are not PCI compliant and we're not planning it. However, we want to save the four digits of PAN to help front line staff identity. So if we...

    ITKE440,595 pointsBadges:
  • Replacement for DFU

    We are looking for a product to replace DFU on our AS/400. I have found one product called DBU. In the past I had received information about Hawkeye. Does anybody have any information about this product or company? Thank you

    GreenFrog0 pointsBadges:
  • Vulnerability from PCI scan

    We recently had a PCI scan on one of our websites that was passed to us by a client. Here's one of the vulnerabilities that we got back: Network service: 80/443 Application URL: The response contains SQL Server errors. This suggests that the hazardous characters inserted by the test penetrated the...

    ITKE440,595 pointsBadges:
  • What’s the best service storing PCI sensitive data?

    I'm looking to build a web application that's going to handle sensitive PCI data (including banking numbers). What's the best service that can handle all of this data? My friend told me about Rackspace but I'm not sure about its PCI solution. I just need to make sure the database is secured and I...

    ITKE440,595 pointsBadges:
  • Can we make Google App Engine PCI compliant?

    We're working with Google App Engine but several people in our organization have said that in order to have a PCI compliant cloud solution, we need to have a private cloud environment and we can't use App Engine. Does anyone know if this is true? Can we still use Google App Engine?

    ITKE440,595 pointsBadges:
  • SSL cipher for PCI compliance on AWS

    For the past few weeks, we've been trying for PCI compliance on a load balanced EC2 instance on AWS. Here's our issue: The load balancer accepts weak ciphers. But ELB doesn't support the cipher suite so we have to manually do it one-by-one. What should we do here? What's a good strong cipher for us?

    ITKE440,595 pointsBadges:
  • Can we host a PCI compliant application on Azure?

    I've been trying to host an application on Windows Azure that would store people's credit card information of users who would want to buy monthly subscriptions for a monthly fee. We just have to store the card data as secure as possible. And we know we have to be PCI compliant. Will Azure allow us...

    ITKE440,595 pointsBadges:
  • Configure PCI compliant environment

    I have a few questions related to PCI compliance (since my organization is starting to get into credit card processing). Basically, how can we configure a PCI compliant environment? And how do we secure a build server? Thanks!

    ITKE440,595 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.