What can I store locally while still being PCI Compliant using Braintree in Rails?

What credit card information am I allowed to store while still being PCI compliant if I am relying on braintree for payment processing?

The reason I am asking is because, as a simple optimization, if a customer has already bought something from my store with a credit card, I can show them the last 4 digits of their credit card, and the card type, without having to make an API call to Braintree. I'd have to make the call if they wanted to change the card or make a purchase, but for that one page, I wouldn't.

Question is, am I allowed to store:

  • the last 4 digits of the credit card
  • and the card type
  • and possibly the cardholder name

Or where is there a list of PCI compliance "do's and don'ts" I can check out?

Lance Avatar asked Dec 21 '10 01:12

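As an added example (not code from the original question, from Braintree, or from Rails), the following plain-Ruby sketch shows the storage rule the question is asking about in practice: pick the handful of non-sensitive fields by name (last four digits, card type, cardholder name, and the gateway's own token), and refuse to persist anything else. It goes slightly beyond the question by also scanning the values, so a full card number cannot slip into the local table under a harmless-looking key. The response hash and its key names (`last_4`, `card_type`, `cardholder_name`, `token`) are constructed assumptions that merely resemble a tokenized-card API response; they are not Braintree's API.

```ruby
# Added example (not from the original post, Braintree, or Rails): what a merchant
# may cache locally from a gateway response, and what it must never write down.
# The sample response hash at the bottom is CONSTRUCTED; its key names are an
# assumption about the shape of a tokenized-card API, not Braintree's real fields.

StoredCard = Struct.new(:last4, :card_type, :cardholder_name, :gateway_token, keyword_init: true)

module CardSnapshot
  # Fields that are fine to persist: none of them lets anyone charge the card
  # without the gateway, and the token is meaningful only to the gateway.
  ALLOWED   = %i[last4 card_type cardholder_name gateway_token].freeze
  # Full PAN and sensitive authentication data (CVV/CVC, track data, PIN) must
  # never be written to the merchant's database after authorization.
  FORBIDDEN = %i[number pan cvv cvc cvv2 track_data pin].freeze

  # Luhn check, used here only to recognise a full card number that landed in a
  # field where it does not belong; it is not used to validate payments.
  def self.luhn_valid?(digits)
    sum = digits.reverse.each_char.each_with_index.sum do |ch, i|
      d = ch.to_i
      i.odd? ? (d * 2 > 9 ? d * 2 - 9 : d * 2) : d
    end
    (sum % 10).zero?
  end

  def self.looks_like_pan?(value)
    s = value.to_s.delete(' -')
    s.match?(/\A\d{13,19}\z/) && luhn_valid?(s)
  end

  # Returns nil when the attributes are safe to store, otherwise the reason they are not.
  def self.storage_violation(attrs)
    attrs = attrs.transform_keys(&:to_sym)
    attrs.each do |k, value|
      return "forbidden field #{k}" if FORBIDDEN.include?(k)
      return "unexpected field #{k}" unless ALLOWED.include?(k)
      return "value of #{k} looks like a full card number" if looks_like_pan?(value)
    end
    return "last4 must be exactly four digits" unless attrs[:last4].to_s.match?(/\A\d{4}\z/)
    nil
  end

  def self.safe_to_store?(attrs)
    storage_violation(attrs).nil?
  end

  # Build the local record by picking named fields; never copy the response wholesale.
  def self.from_gateway(resp)
    attrs = {
      last4:           resp[:last_4],
      card_type:       resp[:card_type],
      cardholder_name: resp[:cardholder_name],
      gateway_token:   resp[:token],
    }
    violation = storage_violation(attrs)
    raise ArgumentError, "refusing to persist card data: #{violation}" if violation
    StoredCard.new(**attrs)
  end

  # What the "your saved card" page can render without calling the gateway.
  def self.display_label(card)
    "#{card.card_type} ending in #{card.last4}"
  end
end

# Constructed sample response resembling a vault/tokenization API reply.
SAMPLE_RESPONSE = {
  token: "tok_constructed_example",
  last_4: "1111",
  card_type: "Visa",
  cardholder_name: "Jane Doe",
  expiration_month: "12",   # deliberately not cached; fetch from the gateway when needed
  expiration_year: "2030",
}.freeze

if $PROGRAM_NAME == __FILE__
  card = CardSnapshot.from_gateway(SAMPLE_RESPONSE)
  puts CardSnapshot.display_label(card)
end
```

In a Rails app the same whitelist would live in the model (a `StoredCard` with exactly these columns and a validation calling `storage_violation`), so that the only path into the table is `from_gateway`; anything that needs the full card or a new charge still goes through the gateway with the stored token.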



2 Answers

Yeah, it's fine to store those things.

Check out the PCI Quick Reference Guide for a brief overview of what you should and shouldn't do.

idlefingers Avatar answered Oct 21 '22 08:10



As has already been said, it's ok to store that data.

Regarding "dos and don'ts", it would be worth it to check out the Open Web Application Security Project (owasp.org). In particular, look at their OWASP guide (available here http://prdownloads.sourceforge.net/owasp/OWASPGuide2.0.1.pdf?download) on how to develop secure web applications. They cover PCI compliance and best practices starting on page 53.

David Sulc Avatar answered Oct 21 '22 07:10
