Java client app and PCI compliance

Last Modified: 2017-12-25
I am trying hard to find a way to automate some calculations on a credit card merchant statement. But I must be 100% within the letter and the intent of the rules which define PCI compliance.

Writing a Java app to run on all platforms was a great suggestion to "pre-process" the data, redacting private data, before upload to my site for further processing. But, I wonder, why not do ALL the processing via a downloadable Java App?

Is that a guarantee that I am 100% PCI compliant?

The problem will be when it fails a user and they need it debugged... I would need that PDF file sent to me for debugging. BUT, isn't that a much safer route to take than putting it on a website?

I would certainly have a high security bar to maintain regarding how I handle my PC, and maybe the methodology I use when choosing a password for that email account. But NOT having a website where any Credit Card info resides seems like a smarter way to go.

So, I am now imagining a simple website, probably WordPress. I would post a current version of the Java App for download and explanation of what it does, etc.

Users could download it and privately process their merchant account report on their own PCs. In the LIKELY event they have an unsupported report format, they could email me their full report. (Redacting private data from a PDF itself seems like a pretty high bar for users to handle.)

On receipt of the PDF, I would redact all private data for that statement, and delete all un-redacted versions.

Once I have that report working, I would email the final report to that merchant and push an update of the Java App.

Any problems with this approach??

For those who work with PCI, is this PCI compliant?

Thanks.