With media reports of hacking incidents, stolen credit card numbers, and identity theft, consumers are understandably concerned about information security. We want absolute assurance from businesses that our credit card numbers and other personal information are secure. The Payment Card Industry Data Security Standard (PCI DSS) defines the standard for securing cardholder data, wherever it is located. Apigee recently completed an annual audit and PCI recertification verifying that we continue to meet the credit card industry requirements for information security.
You’ve hardened your processes, separated environments, encrypted tables in your DBs, trained your developers and IT staff. Then comes your audit and your auditors jump in and run a script against your DB. Ding, ding, ding.... Left and right you start seeing things that look like Primary Account Numbers! What? Where? How did this happen?
One of the challenges of PCI is that you’ll...
Previously we talked about Pragmatic PCI and applying just enough process to ensure you understand and execute your processes in a PCI compliant manner.
What about when you inject “The Cloud” into the picture?
PCI compliance isn’t something that someone can sell you, and even a PCI-compliant environment can be misused, creating a hole in your assessment.
What is special about the cloud from a PCI perspective?
First off, you don’t control the physical environment and therefore you are dependent upon your provider’s physical security...
Many APIs start out serving content. But if you eventually want to transact with your API and take credit card orders, you need to understand the implications of PCI DSS compliance.
PCI is a set of requirements that protects your customers and your business from the release of sensitive credit card information. You don't buy technology that makes you PCI compliant. Instead, PCI is a process and checklist of standards that those accepting credit card data must adhere to (more on this here). But it's important that the...
“If the minimum wasn’t good enough, it wouldn’t be the minimum.” - Keith W.
Wise words from one of my developers many years ago. When it comes to tackling PCI Compliance, it is advice well worth taking.
With leaks of sensitive customer information in the news, there’s an increased focus on compliance as more services shift to cloud computing and APIs.
If you are a merchant of any kind or deal with customer credit card information, then you must be aware of PCI compliance regulations that are designed to protect consumer credit card information from exposure....