Questions tagged [pci-scope]

98 questions
14 votes, 1 answer

Can I use GitHub and be PCI DSS compliant?

Is it possible to use any remote DVCS (GitHub, Bitbucket, etc.) with PCI DSS or should I host Git on my own server?
iwex
12 votes, 4 answers

How does collecting sensitive data using iframes increase security?

So this approach seems to be rather popular, particularly among payment processors that provide JavaScript integrations. The added layer of security that "fields in iframe" brings also supposedly reduces the level of PCI compliance…
Acorn
7 votes, 5 answers

Can I show Credit Card Data to final customers and be PCI Compliant?

I work with reservation management systems. In the hospitality industry there is the concept of credit card as guarantee. By it, when making any kind of reservation you are asked for your credit card info in order to secure the reservation, however…
jvlucic
7 votes, 1 answer

Which self-assessment questionnaire should I use for PCI DSS compliance?

My system is passed card data securely over HTTPS from an upstream system. The upstream system captures information via telephone input. This telephone input is sent to us, to invoke payments via Paycorp's API (Paycorp is PCI compliant). The up…
Sim
6 votes, 2 answers

Clarification of PCI DSS 3.1 requirement 6+8

I'm quite puzzled about the PCI requirements when it comes to session timeouts and scope definitions. The login is the end user/customer login to the public facing control panel in which they can handle their own transactions. We act as PSP. The…
Jeffery
5 votes, 2 answers

Source code scanning - PCI Requirement - Service Provider

I've been doing a lot of research regarding the requirements for source code scanning but haven't found anything conclusive when it comes to my question below. So I need some guidance from PCI Experts here in StackExchange's Info Sec community. Is a…
avakharia
5 votes, 1 answer

PCI-DSS Network Segmentation and encrypted administrative interfaces

I'm using the 3/2/1 network segmentation model from the open pci dss scoping toolkit and I'm running into a bit of a mental roadblock. I have a phone system (Mitel 5000 series, if it matters) that is on my segmented internal network. The phone…
Tim Brigham
4 votes, 3 answers

PCI DSS - only one primary function per server

The PCI DSS says that a server can have only one primary function, and I'm a little confused over what it means by 'one primary function'. We have a webserver with a database, web pages and email; is this a breach of the rules? Because just about all…
user1398287
4 votes, 1 answer

PCI compliance with multiple AWS VPCs

If I have a VPC which is in scope (the "PCI VPC") and another which is not (the "NON-PCI VPC"), would peering them bring the non-PCI VPC in scope? Is there a way to avoid this? I have an Aurora RDS inside the PCI VPC. It does not actually contain…
4 votes, 1 answer

When to complete PCI DSS Compliance Paperwork

I am working for a startup that will soon begin processing payments with Stripe. Looking at their documentation, it seems we will have to file an SAQ A, SAQ A-EP, or an SAQ D depending on our integration method. How soon will we need to submit one…
0xPingo
4 votes, 2 answers

Are client-side-only apps regulated by PCI?

Consider a client-side-only application. It may allow a user to make a payment by redirecting them to payment gateway website, where they enter the credit card details. If I understand correctly, in this case only the payment provider must be PCI…
interphx
4 votes, 2 answers

PCI DSS Storage Definition - BizTalk Consideration

I am having trouble locating a clear PCI DSS definition for "Storage" and whether or not Microsoft BizTalk could be considered within that definition. Could an overloaded BizTalk server or failed orchestration constitute storage even if only…
4 votes, 1 answer

If my company receives credit card statements showing credit card number, does it have to be PCI compliant?

I understand PCI requirements on the storing, processing and transmitting of credit card information (PAN, expiration date, no on CVV, etc.). However, I found nothing about receiving PAN (no expiration date, no cvv, etc.) ON document format (PDF).…
striders
4 votes, 1 answer

Store PCI DSS data in an encrypted form in non PCI DSS scope

Am I allowed to save a strongly encrypted archive containing the CHD on external storage which is outside our PCI DSS infrastructure? For example, we'd like to save an encrypted backup archive for last-resort purposes on a server which is hosted…
4 votes, 1 answer

ASV scan with reverse proxy

We are PCI compliant as a service provider, however our service port forwards some web traffic at TCP level. Customers use our PCI compliant service and can choose to upload a TLS/SSL certificate to us if they want their HTTPS traffic analysed. So…
SilverlightFox