PCI Compliance

  #1 Senior Member (joined Apr 2003, Flanders Fields, 5,842 posts)

    PCI Compliance

    It's been a while since I've looked into PCI compliance. The Report on Compliance document for 3.2 is 198 pages! Anyone dealt with this lately? This seems a LOT more complicated than it did a few years back.
    IMPORTANT: STOP using the mysql extension. Use mysqli or pdo instead.
    World War One happened 100 years ago. Visit Old Grey Horror for the agony and irony.

  #2 Senior Member (joined Apr 2003, Flanders Fields, 5,842 posts)

    So, having read quite a bit more on this, it seems like the whole pcisecuritystandards.org site is geared toward funnelling visitors toward a small cabal of Qualified Security Assessors (QSAs). If I'm not mistaken, it all comes down to the specifications demanded by your acquirer (i.e., "merchant bank"), and in some cases you can get away with filling out a Self Assessment Questionnaire (SAQ).

    I'm hoping you folks might help me determine which questionnaire might be applicable to a website under development. This site has two payment options. One involves creating a tokenized billing agreement via PayPal (we redirect to the PayPal site, where the user agrees to let us bill their PayPal account). The other is a securely hosted form where users may enter their credit card details and we submit these (securely) to a payment gateway to create a tokenized payment ID which we can use to bill the user in the future. We do not store any primary account numbers or CVV codes, but we do store addresses for users, and we want to store an expiration date for these payment methods so that we can act appropriately when a payment method expires.

    Seems to me that SAQ-C might be appropriate:

        Merchants with payment application systems connected to the Internet, no electronic cardholder data storage.
        Not applicable to e-commerce channels.

    Any input would be much appreciated.
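Worked example, added here and not code from the forum post, of the "store the token and the expiry, never the PAN or CVV" rule the second payment option above relies on. The names PaymentMethod, store_payment_method and rejected, and the gateway field names (token, exp_month, exp_year, last4, brand), are assumptions made for illustration, not any real gateway's API; the sample responses are constructed. The record is the only shape that may reach the database, the guards refuse any payload that names or contains a card number, and the expiry helpers are what a billing job would use to act before a stored method expires.

```python
"""Added example, not code from the forum post: a "store the token and expiry,
never the card" record for the hosted-form-plus-gateway payment option.
PaymentMethod, store_payment_method and the gateway field names below are
assumptions for illustration, not any real gateway's API."""
import re
from dataclasses import dataclass
from datetime import date

# The only fields from a tokenization response that are allowed to be persisted.
ALLOWED_FIELDS = {"token", "exp_month", "exp_year", "last4", "brand"}

# Field names that would mean cardholder data is in the payload; refuse them outright.
FORBIDDEN_FIELDS = {"pan", "card_number", "number", "cvv", "cvc", "cvv2", "security_code"}

# A run of 13-19 digits, optionally separated by spaces or dashes, as a PAN is typed.
PAN_RE = re.compile(r"(?:\d[ -]?){13,19}")


def luhn_valid(digits: str) -> bool:
    """True if `digits` is 13-19 digits passing the Luhn checksum used by card numbers."""
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right, folding 10-18 to 1-9
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def looks_like_pan(value: str) -> bool:
    """Scan any string (memo fields, descriptions) for a digit run that Luhn-validates."""
    for m in PAN_RE.finditer(value):
        if luhn_valid(re.sub(r"[ -]", "", m.group(0))):
            return True
    return False


@dataclass(frozen=True)
class PaymentMethod:
    """What we persist: the gateway's token plus just enough to manage expiry and display."""
    token: str
    exp_month: int
    exp_year: int
    last4: str = ""
    brand: str = ""

    def is_expired(self, today: date) -> bool:
        """Cards are valid through the last day of the expiry month."""
        return (self.exp_year, self.exp_month) < (today.year, today.month)

    def months_until_expiry(self, today: date) -> int:
        """Whole months until expiry: zero in the expiry month, negative once expired."""
        return (self.exp_year - today.year) * 12 + (self.exp_month - today.month)


def store_payment_method(gateway_response: dict) -> PaymentMethod:
    """Turn a tokenization response into the persistable record, refusing any
    payload that would put a PAN or CVV into our database."""
    forbidden = FORBIDDEN_FIELDS & {k.lower() for k in gateway_response}
    if forbidden:
        raise ValueError(f"refusing cardholder data fields: {sorted(forbidden)}")
    for k, v in gateway_response.items():
        if isinstance(v, str) and looks_like_pan(v):
            raise ValueError(f"field {k!r} carries what looks like a full PAN")
    clean = {k: v for k, v in gateway_response.items() if k in ALLOWED_FIELDS}
    missing = {"token", "exp_month", "exp_year"} - set(clean)
    if missing:
        raise ValueError(f"tokenization response missing {sorted(missing)}")
    month, year = int(clean["exp_month"]), int(clean["exp_year"])
    if not 1 <= month <= 12:
        raise ValueError("expiry month out of range")
    last4 = str(clean.get("last4", ""))
    if last4 and not re.fullmatch(r"\d{4}", last4):
        raise ValueError("last4 must be exactly four digits")
    return PaymentMethod(str(clean["token"]), month, year, last4, str(clean.get("brand", "")))


def rejected(gateway_response: dict) -> bool:
    """True if store_payment_method refuses the payload (shows the guards firing)."""
    try:
        store_payment_method(gateway_response)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample response; the field names are an assumption, not a real gateway's.
    pm = store_payment_method({"token": "tok_7f3a9c", "exp_month": 12, "exp_year": 2030,
                               "last4": "1111", "brand": "visa"})
    print(pm, "expired on 2031-01-01:", pm.is_expired(date(2031, 1, 1)))
    print("PAN in a memo field rejected:",
          rejected({"token": "tok_x", "exp_month": 1, "exp_year": 2030,
                    "memo": "card 4111 1111 1111 1111"}))
```

The Luhn scan is a last line of defence against a card number arriving in a free-text field, not a substitute for keeping card entry off your own servers; the frozen dataclass with a fixed field list is what keeps a later "just store the number too" change from slipping in unnoticed.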
