× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. December 2018

Re: Credit Card Processing and PCI compliancy on the Power i

I deal with many customers who handle credit cards. Of them only 1 still processes those cards on IBM i and they are moving to the token model you describe 'with the quickness'.

In most cases now the user is redirected to an outside website to enter credit card information and the token is returned. The token then is the only important bit retained and it means nothing out of context. It contains absolutely nothing about the user or their card.

The issue being that by doing so the vast majority of the network and servers and devices are now out of scope for PCI compliance.

I'm a bit surprised it has to be a wireless device as wireless is 'generally' less secure than wired (for example medical and dental offices cannot use wireless networks or even fixed wireless internet connectivity.

Nonetheless this IS the way of the future of PCI.

- Larry "DrFranken" Bolhuis

www.Frankeni.com
www.iDevCloud.com - Personal Development IBM i timeshare service.
www.iInTheCloud.com - Commercial IBM i Cloud Hosting.

On 12/4/2018 10:06 PM, Steinmetz, Paul wrote:
Anyone from the group processing credit cards on the i?

Currently, we do NOT use any credit card terminal devices.
Currently, card data is entered either via green screen application, gui application, IVR, WEB.

We were informed by our processer today that going forward we need to consider having ALL card data entered via a wireless device connected to a separate network, (no longer from any PC device, or any device connected to the I, or the I network) that connects to a cloud based authorizer, and then returns a token back to the I, which in turn is then stored in the I application, to keep the I out of PCI scope and to remain PCI compliant.

Going forward, all current credit card touch points (green screen application, gui application, IVR, WEB) would need changes to stay compliant.

Have others in the group had to deal with this issue and what solutions have anyone implemented?

Thank You
_____
Paul Steinmetz
IBM i Systems Administrator

Pencor Services, Inc.
462 Delaware Ave
Palmerton Pa 18071

610-826-9117 work
610-826-9188 fax
610-349-0913 cell
610-377-6012 home

psteinmetz@xxxxxxxxxx
http://www.pencor.com/


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.