A PCI Compliant solution is often requested by customers for large scale enterprise applications.
When developing such a solution, the provider must address mainly the following areas:
- Building and Maintaining a Secure Network
- Protecting the cardholder data
- Maintaining a vulnerability Management Program
- Implementing Strong access control measures
- Regularly Monitoring and testing the network(s)
- Maintaining an information security policy
The PCI compliance requirement affects the system architecture as well as coding paradigms and the deployment choice.
In most cases, an isolated server is used to ensure PCI compliancy. All credit card information will only be handled by this server. When making a transaction, client applications will make two requests:
- one request containing the PCI data to the PCI server;
- one request containing the transaction data to a webapp.
A webapp will request the PCI server to make the create transaction request to the external systems that require credit card information for internal processes.
Usually, all PCI related information is stored in the database server on a separate database instance.
All personnel involved in the maintenance of the applications must conform to strict procedures.
For more information, do not hesitate to contact us.