Geek Answers Handbook

What does it take to write a PCI-compatible assembly?

I have a WPF application in which we integrated credit card processing. We currently use credit information punched / printed on a web page in a WPF web browser to meet PCI requirements. This seems to be normal because the web browser component is PCI compatible and our code never deals with credit card information.

I really hate this design and would like to write a standalone, PCI-compatible WPF interface / assembly that we can plug in, not a web browser component. If our application code can use a browser without a PCI license, can it use our own certified PCI assembly, which in itself is PCI certified? All the new management / assembly that he will do is to collect information about the card and securely send it to a remote secure server through the WCF service. He will not store a credit card or do any processing locally with it. I was told this was needed as a 9 month review process, so we went with a browser approach.

Can someone give me a general idea of ​​what needs to be done for this?

  • Could this be written in C # / WPF?
  • Is code needed for special security measures (e.g. CAS)?
  • Is assembly necessary to confuse?
  • And as soon as it is written, what do you need to do?
+5
source share
1 answer

Although there are a lot of matches with PCI-DSS, the formal name you are looking for is PA-DSS (Payment Application Data Security Standards).

One of the strategies to best solve your problem is to split the input / processing parts of the cards into a completely separate option. Ultimately, this standalone solution will be an “application” that passes PA-DSS certification. Once you have certified, you will include it in your larger project (which will not change the PCI compliance of the larger project)

, PA-DSS. , , , . , !

, , - , "" ( ) PA-DSS ( PCI-DSS, ). - . , - " ", - , . PA-DSS ( - PCI -, )

, , QSA, . QSA , , , , QSA,

+2

More articles:


All Articles