Payment Card Industry (PCI) DSS Standard

Post by clayton » Tue Feb 16, 2010 3:21 pm

Hi All,

Does anyone have any experience in trying to comply with this standard?
We have application forms that provide space for the applicant to supply credit card details.
The requirement is therefore to "protect" the PAN (Primary account number) and prevent people from reading it.
This applies to both the scanned reference image (after release) as well as the paper form itself.

This conflicts with the other objective of extracting, validating and exporting the card number to a payment system.

The most obvious solution (that I can think of) is to "redact" the card number from the image after validation is complete, but BEFORE sending it to the PDF generator and then on to the release script. Does anyone have any experience with this?

Notes:
    Ideally I would not want to store 2 copies of the scanned document.
    We release documents in PDF/a format.
    We are using AC8 and KTM 3.5
    Must find a way of encrypting the field value (card number) in the SQL tables.

Thoughts and comments welcomed.

Kind Regards
Clayton

Payment Card Industry (PCI)
Payment Application Data Security Standard
https://www.pcisecuritystandards.org

The PA-DSS applies to software vendors and others who develop payment applications that store, process, or
transmit cardholder data as part of authorization or settlement, where these payment applications are sold,
distributed, or licensed to third parties.
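The validate-then-redact ordering raised in the post, as an added example that is not part of the original post and is not Kofax/KTM script. It assumes the extracted card field and any OCR text arrive as plain strings; all function names are hypothetical, and the first-six/last-four masking format is an assumption about what may be kept.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if a string of digits passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep the first six and last four digits, replace the rest with '*'."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def process_field(ocr_value: str):
    """Validate an extracted card field; return (pan_for_export, masked_for_storage).

    Returns (None, None) when the value is not a plausible PAN, so the
    document can go to manual validation instead of being released.
    """
    digits = re.sub(r"[ -]", "", ocr_value.strip())
    if not digits.isdigit() or not 13 <= len(digits) <= 19 or not luhn_ok(digits):
        return None, None
    return digits, mask_pan(digits)


def redact_text(text: str) -> str:
    """Mask every Luhn-valid PAN found in free text (e.g. an OCR text layer)."""
    def _sub(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        return mask_pan(digits) if luhn_ok(digits) else m.group(0)
    return PAN_CANDIDATE.sub(_sub, text)


# Constructed samples: 4111 1111 1111 1111 is a well-known test number, not a real card.
SAMPLE_FIELD = "4111 1111 1111 1111"
SAMPLE_TEXT = "Card no: 4111-1111-1111-1111  Ref: 1234567890123456"
```

In this sketch the full number returned by `process_field` goes only to the payment export, while the masked value is what would be written to index fields; `redact_text` covers searchable text that travels with the released document.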