Andrew Pollack's Blog

Technology, Family, Entertainment, Politics, and Random Noise

PCI Compliance - Is it important to you that Notes & Domino play nice in this space?

By Andrew Pollack on 02/15/2009 at 09:20 PM EST

If your company takes or stores credit card data, you may be required to meet PCI Compliance standards. Not all credit card processing requires this -- it has to do with the volume of transactions and other things. If you have to comply, you know what a challenge it can be.

I spent a good part of last week working on an issue which was related to PCI Compliance and data being stored in NSF databases. While I can't go into details right now due to NDA, there are a couple of things I'd like to press for in the way Notes and Domino does things which would make it far easier to meet the requirements set forth by the credit card companies.

I believe that with what should be fairly minor functional changes, the Notes client and Domino server could be the easiest tools in the industry to use for managing data in ways that meet the very specific PCI Compliance requirements. Keep in mind, it can be done now, but I think it could be a great deal easier.

Before I start lobbying really hard for this, I'd love to hear from you guys out there as to how big an issue this is for you. Any stories?

per request: https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml


There are  - loading -  comments....

re: PCI Compliance - Is it important to you that Notes & Domino play nice in this space?By Stephan H. Wissel on 02/15/2009 at 09:52 PM EST
Questions around storage of credit cards pop up from time to time. Could you
add a link to the PCI requirements website? (There is one isn't it?)
:-) stw
re: PCI Compliance - Is it important to you that Notes & Domino play nice in this space?By Chris on 06/03/2010 at 08:11 AM EDT
Yes, would love to have Domino work towards PCI Compliance just a little
easier.
re: PCI Compliance - Is it important to you that Notes & Domino play nice in this space?By Pat on 07/12/2010 at 03:06 PM EDT
Struggling with this right now, we have to provide evidence that our PCI data
is encrypted "at rest" and "in motion". Using secretencryptionkeys is an
obvious solution, but I have a hard time trying to get the Security guys to
believe me that data is encrypted in both states without documentation that
explains the detail of how SEK encryption is working on the Domino platform.
Providing a Guide for PCI compliance describing the affect each security
preference has on the data "at rest" and "in motion" would go a long way to
making this process easier.


Other Recent Stories...

  1. 12/04/2014Looking for a few people who want to beta test my new SSL Certificate Request tool.I plan to open source this tool once I've done just a little more testing with other people. Drop me an email if you're interested. I'm looking for around 5 people who have the time, know how to deal with SSL stuff already, and already have the Notes 9.x admin client on their machines. The idea behind open sourcing for me, is that I've created the functional tool, and there's a lot of room for making it nicer looking and adding other kinds of functionality. For example, this tool allows you to create and ...... 
  2. 12/01/2014Well, it's official. IBM ConnectedED does not feel my contribution is worth the session time.I know I'm in good company, and I don't deserve a session slot any more than anyone else -- but I'd be lying if I didn't admit to being a bit frustrated and disappointed. For now, I'll hold my tongue about the decision process,wish the best of luck to those who will be speaking,hope the people attending find the content helpful,and say that if you want the content I've been deliveringyou'll have to come to some of the user groups or to Rudi's"Admin / Developer Camp" ...... 
  3. 12/01/2014First look at a new free Domino SSL certificate tool I've coded something that I plan to release to the community if there is enough interest. It's designed to make the process of getting SHA2 certificates a little easier. I've had to request a fair number of these recently and the command line stuff is tedious and it's easy to make mistakes or misplace the various files. This tool uses the same steps as the process IBM documents and the same tools. You still have to install openSSL and the kyrtool update on your 9.x Admin client machine. The tool checks to ...... 
  4. 11/10/2014Simplified explanation and steps for upgrading to SHA-2 encrypted SSL certificates for Domino 
  5. 11/04/2014Warning: IBMs Interim Fix¬†adding TLS 1.0 to Domino can break connections from Python and some other scripting clients 
  6. 11/04/2014Patch for the SSL v3 POODLE exploit has escaped IBM and can now be downloaded. You REALLY need this patch 
  7. 10/29/2014Automatic Spam Report to Provider Agent 
  8. 10/21/2014Quick update on the Domino SSL v3 "POODLE" , TLS, and SHA-2 issues -- Good news 
  9. 10/16/2014Summary Recommendation for dealing with the POODLE SSLv3 Vulnerability on Domino servers 
  10. 10/14/2014Speaking tonight ath the ICU One (aka NE Notes Users Group) 
Click here for more articles.....


pen icon Comment Entry
Subject
Your Name
Homepage
*Your Email
* Your email address is required, but not displayed.
 
Your thoughts....
 
Remember Me  

Please wait while your document is saved.