MikeMCSD
asked on
PCI compliance requirements ???
Are shopping carts allowed to store credit cards so when the customer returns
to the store the cards will be on file?
I have been looking for a shopping cart package and noticed that they do not
keep the customer's credit card info and require the customer to enter it again.
A lot of webstores (Amazon) keep your credit card info on file when you return.
I like this feature. Is this illegal now with the "PCI compliance requirements"? Thanks
Slight disagreement with the answer. Auditing and "exams" are not necessary. Section 6.5 of the DSS states that developers may conduct code reviews as long as those developers are aware of common vulnerabilities. Clearly encryption of database data is a requirement, but facility security, network security, etc. are also required. Send the developers to a quality training class such as this one:
c_mccullough
Please stop posting the link to your website in questions at EE.
You may put the link in your Member Profile - not in questions.
https://www.experts-exchange.com/help.jsp#hi22
Vee_Mod
Experts Exchange Moderator
There are many things that must be done to comply, but most of them are things you should be doing anyway to protect your site and systems.
What are you talking about? Only level 3+ merchants can do their own review!
If you want to do your own review at level 1-2 as you are stating, the developer or someone with the company has to pass level 1 of the Qualified Security Assessor (QSA) exam for PCI compliance on data security. I know, I have taken the exam myself.
This must be passed; you cannot do your own review without passing!
Even after passing this, the company then has to pass an audit once a year by the person who passed the QSA and meet the following:
http://216.239.59.104/search?q=cache:Oft-JorVRK4J:https://www.pcisecuritystandards.org/pdfs/pci_audit_procedures_v1-1.pdf+PCI+standards+audit&hl=en&ct=clnk&cd=2
Read here to understand:
http://www.braintreepaymentsolutions.com/blog/qualified-security-assessors-qsas-for-pci-dss-compliance/