Payment Card Industry (PCI) DSS Standard

Postby » Tue Feb 16, 2010 3:21 pm

Hi All,

Does anyone have any experience in trying to comply with this standard?
We have application forms that provide space for the applicant to supply credit card details.
The requirement is therefore to "protect" the PAN (Primary Account Number) and prevent people from reading it.
This applies to both the scanned reference image (after release) as well as the paper form itself.

This conflicts with the other objective of extracting, validating and exporting the card number to a payment system.

Most obvious solution (that I can think of) is to "redact" the card number from the image after validation is complete, but BEFORE sending it to the PDF generator and then on to the release script. Does anyone have any experience with this?

    Ideally I would not want to store 2 copies of the scanned document.
    We release documents in PDF/a format.
    We are using AC8 and KTM 3.5
    Must find a way of encrypting the field value (card number) in the SQL tables.

Thoughts and comments welcomed.

Kind Regards

Payment Card Industry (PCI)
Payment Application Data Security Standard

The PA-DSS applies to software vendors and others who develop payment applications that store, process, or
transmit cardholder data as part of authorization or settlement, where these payment applications are sold,
distributed, or licensed to third parties.
Posts: 28
Joined: Thu Nov 27, 2008 3:21 pm
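
The ordering proposed in the post above (validate the card number, hand it to the payment export, then redact the image before PDF generation), sketched as an added example; it is not part of the original post and uses no Kofax Capture or KTM API. The page raster as a list of pixel rows, the field zone coordinates and all function names are assumptions for illustration, and the card number is the widely used test PAN.

```python
import re

def luhn_valid(pan: str) -> bool:
    """Luhn checksum over a digit string."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def normalize_pan(field_text: str) -> str:
    """Strip spaces/dashes from the recognized field; reject anything that is not a PAN."""
    pan = re.sub(r"[ -]", "", field_text)
    if not re.fullmatch(r"\d{13,19}", pan) or not luhn_valid(pan):
        raise ValueError("field does not contain a valid PAN")
    return pan

def mask_pan(pan: str) -> str:
    """Keep at most the first six and last four digits; everything else is masked."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def redact_zone(raster, zone, fill=0):
    """Overwrite pixels in place. zone = (left, top, width, height), clipped to the page.
    The pixels themselves are replaced, so nothing recoverable reaches the PDF."""
    left, top, width, height = zone
    for y in range(max(top, 0), min(top + height, len(raster))):
        row = raster[y]
        for x in range(max(left, 0), min(left + width, len(row))):
            row[x] = fill
    return raster

def process_page(raster, field_text, zone):
    """Returns (value for the payment export, masked value to keep with the document)."""
    pan = normalize_pan(field_text)   # 1. validate while the full PAN is still available
    redact_zone(raster, zone)         # 2. redact BEFORE the image goes to PDF generation
    return pan, mask_pan(pan)         # 3. only the masked form is stored alongside the image

if __name__ == "__main__":
    # Constructed sample: 6x12 white page, card-number field at x=2..6, y=1..3.
    page = [[255] * 12 for _ in range(6)]
    export_value, stored_value = process_page(page, "4111 1111 1111 1111", (2, 1, 5, 3))
    print(stored_value)
    for row in page:
        print("".join("#" if p == 0 else "." for p in row))
```

If validation fails, `process_page` raises before touching the image, so a misread field is not silently released with the card number still visible.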
