pci-dss

I am developing an Android application (native) which contains a module to make reservations on hotels \ taxi etc . I am planning to accept the payment details (amount, credit card number, expiry date etc ) from a screen of my application and pass them to my middle layer ( hosted in IIS server in my company premises ) via a API call. Then my middle layer will call the payment gateway APIs and will pass the payment info to them for processing. Communication between both mobile app to middle layer , and middle layer to payment gateway happens via secure channels ( Https ). I am not storing any

I'm trying to get a Fedora 14 server running Apache 2.2.17 to pass a PCI-DSS compliance scan by McAfee ScanAlert. My first attempt using the default SSLCipherSuite and SSLProtocol directives set in ssl.conf... SSLProtocol ALL -SSLv2 SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP failed citing that weak ciphers were enabled. Scans with ssllabs and serversniff tools revealed that 40 and 56 bit keys were indeed available. I then changed to... SSLProtocol -ALL +SSLv3 +TLSv1 and tried all of the following strings reported on various sites to pass PCI scans from assorted vendors...

Possible Duplicates: Best practices for taking and storing credit card information with PHP Storing credit card details Storing Credit Card Information I need to store credit card numbers within an e-commerce site. I don't intend on storing the whole credit card number, as this would be highly risky. I would like to store at least the first five digits so I can later identify the financial institution that issued the card. Ideally, I would like to store as much of the credit number as I safely can, to aid any future cross-referencing etc. How many digits, and which particular digits, can I

In trying to disable TLS 1.0, there are KitKat devices needing access to my API. I have tried overriding the default socket factory without success. I have tried converting to okhttp. Still not working. How do I get Android KitKat to connect to my API? I had the same issue on pre-lollipop devices. As I'm using Retrofit, here is the solution for OkHttp . Tls12SocketFactory.java : public class Tls12SocketFactory extends SSLSocketFactory { private static final String[] TLS_V12_ONLY = {"TLSv1.2"}; final SSLSocketFactory delegate; public Tls12SocketFactory(SSLSocketFactory base) { this.delegate =

I've never had to deal with PCI compliance before. I've been reading their documentation and it says I need to protect the credit card number, expiration date and the card holder's name. No storage of security codes ever. In their documentation, it just says protect. Is this saying I need to encrypt these 3 columns in my database? I thought only the number was the data that needed to be encrypted. Either way, I'm fine with. If I need to encrypt all three columns, do I share one certificate and have 3 symmetric keys, or will I only need 1 of each, with that symmetric key being used on all 3