With media reports of hacking incidents, stolen credit card numbers, and identity theft, consumers are understandably concerned about information security. We want absolute assurance from businesses that our credit card numbers and other personal information are secure. The Payment Card Industry’s Data Security Standard (PCI DSS) defines the standard for securing cardholder data, wherever it is located. Apigee recently completed an annual audit and PCI recertification verifying that we continue to meet the credit card industry requirements for information security.
You’ve hardened your processes, separated environments, encrypted tables in your DBs, trained your developers and IT staff. Then comes your audit and your auditors jump in and run a script against your DB. Ding, ding, ding.... Left and right you start seeing things that look like Primary Account Numbers! What? Where? How did this happen?
One of the challenges of PCI is that you’ll...
Previously we talked about Pragmatic PCI and applying just enough process to ensure you understand and execute your processes in a PCI-compliant manner.
What about when you inject “The Cloud” into the picture?
PCI compliance isn’t something that someone can sell you, and even a PCI-compliant environment can be misused, creating a hole in your assessment.
What is special about the cloud from a PCI perspective?
First off, you don’t control the physical environment and therefore you are dependent upon your provider’s physical security...
“If the minimum wasn’t good enough, it wouldn’t be the minimum.” - Keith W.
Wise words from one of my developers many years ago. When it comes to tackling PCI Compliance, it is advice well worth taking.
With leaks of sensitive customer information in the news, there’s an increased focus on compliance as more services shift to cloud computing and APIs.
If you are a merchant of any kind or deal with customer credit card information, then you must be aware of PCI compliance regulations that are designed to protect consumer credit card information from exposure....
At some point most API product managers are on the hook to demonstrate how the API results in downstream revenue.
And even if you never intend to charge for your API, you may be surprised by unexpected opportunities.
I used to be responsible for a number of ‘free open, take-it-or-leave-it APIs’ at a large Web portal. After a few months, the team was surprised to get a ton...