Enterprise Data Security Solutions

PCI

PCI Security Standards Council, an open global forum, has developed a set of comprehensive requirements for the improving the security of the card holder account data, to facilitate the broad adoption of consistent data security measures on a global basis. It releases PCI Data Security Standard and its related documents.

General Aspects (Oracle Application and Credit Card)

Credit Card Data is stored in unencrypted format.

Credit Card is masked using the profile options specific to each module.

Credit Card Data is stored by module.

Secure Environment.

Credit card information stored in PCI compliant environment.

In Default no PCI compliance is Enabled.

iPayment Module is used to setup the Payment gateway.

PCI and its Requirements

On Applying the PCI patch in default the credit card data will be stored in significant encrypted format. Once the PCI is enabled there is no need for module specific profile option to mask the credit card data since the credit card number is masked automatically. Credit card data is stored in single database table rather than in each module.

Credit Card Data is stored in unencrypted format.

Credit Card is masked using the profile options specific to each module.

Firewall Configuration Setup.

Secure Environment.

Security and System Parameters Setup.

Data Protection Storage.

Encrypted Data Transmission.

Use and Update Anti-virus software.

Secure Systems and Application Maintenance.

Responsibility Access.

System Access Responsibilities.

Track and monitor all access to network resources and cardholder data.

Testing security systems and processes.

Restrict Physical Access to card holder data Security Policy Maintenance.

PCI Compliance Complexity

Custom Encryption needs to be decrypted once before applying the patch so the PCI will enable its own way of encryption based on the Security Key. .

Encryption is not enabled (Applicable) for Oracle Internet Expense in 11i.