We have been processing credit card transactions on the IBMi for a couple
of years now and have always used the token - no card details are ever
recorded in a database.

Client will register a card on the site that is PHP running on IBMi and we
use a web service to get a token for the card that is then stored in the
database along with a PAN number.

Once registered the card token can then be used by backend processes or web
payments.

I am not sure I understand or agree with the use of a wireless device as
you have indicated - that seems less secure.

The token has no meaning whatsoever to anyone except the payment gateway
provider.



Don Brown




"MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx> wrote on 05/12/2018 01:06:37
PM:

From: "Steinmetz, Paul" <PSteinmetz@xxxxxxxxxx>
To: "'Midrange Systems Technical Discussion'" <midrange-l@xxxxxxxxxxxx>
Date: 05/12/2018 01:06 PM
Subject: Credit Card Processing and PCI compliancy on the Power i
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>

Anyone from the group processing credit cards on the i?

Currently, we do NOT use any credit card terminal devices.
Currently, card data is entered either via green screen application,
gui application, IVR, WEB.

We were informed by our processer today that going forward we need
to consider having ALL card data entered via a wireless device
connected to a separate network, (no longer from any PC device, or
any device connected to the I, or the I network) that connects to
a cloud based authorizer, and then returns a token back to the I,
which in turn is then stored in the I application, to keep the I
out of PCI scope and to remain PCI compliant.

Going forward, all current credit card touch points (green screen
application, gui application, IVR, WEB) would need changes to stay
compliant.

Have others in the group had to deal with this issue and what
solutions have anyone implemented?

Thank You
_____
Paul Steinmetz
IBM i Systems Administrator

Pencor Services, Inc.
462 Delaware Ave
Palmerton Pa 18071

610-826-9117 work
610-826-9188 fax
610-349-0913 cell
610-377-6012 home

psteinmetz@xxxxxxxxxx
http://www.pencor.com/

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link:
https://amazon.midrange.com

______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.