Portal | Manuals | References | Downloads | Info | Programs | JCLs | Master the Mainframes
IBM Mainframe Computers Forums Index
 
Register
 
IBM Mainframe Computers Forums Index Mainframe: Search IBM Mainframe Forum: FAQ Memberlist Usergroups Profile Log in to check your private messages Log in
 

 

PCI#DSS issues

 
Post new topic   Reply to topic    IBMMAINFRAMES.com Support Forums -> All Other Mainframe Topics
View previous topic :: :: View next topic  
Author Message
haimzeevi

New User


Joined: 01 Mar 2010
Posts: 27
Location: Israel

PostPosted: Tue Jan 18, 2011 5:50 pm    Post subject: PCI#DSS issues
Reply with quote

Regarding requirement, PVV & CVV should be erased from TRK2 info.
Is it mandatory, in all organizations, to erase this info from all backups, as well?
Thanks,
Haim Zeevi
Back to top
View user's profile Send private message

Robert Sample

Global Moderator


Joined: 06 Jun 2008
Posts: 8004
Location: Bellevue, IA

PostPosted: Tue Jan 18, 2011 6:37 pm    Post subject:
Reply with quote

Check the manual on PCI compliance.
Back to top
View user's profile Send private message
Bill O'Boyle

CICS Moderator


Joined: 14 Jan 2008
Posts: 2502
Location: Atlanta, Georgia, USA

PostPosted: Tue Jan 18, 2011 6:52 pm    Post subject: Reply to: PCI#DSS issues
Reply with quote

Haim,

IMHO, it couldn't hurt to re-initialize these values to X'00's.

Also, Track1 Data (BIT 045) should be considered as well.

While you're at it, to be absolutely sure, re-initialize BIT 052 (Pin Block Data) to X'00's (if present).

Welcome to the forum....

Regards,

Bill
Back to top
View user's profile Send private message
haimzeevi

New User


Joined: 01 Mar 2010
Posts: 27
Location: Israel

PostPosted: Wed Jan 19, 2011 3:58 am    Post subject: Reply to: PCI#DSS issues
Reply with quote

Thank you both.
Robert, we know here what RTFM stands for... but here, PCI requirements got different explanations, depends on whom you ask.
My question was posted to find out about the backups long time backwards.
Thanks again,
Haim.
Back to top
View user's profile Send private message
Robert Sample

Global Moderator


Joined: 06 Jun 2008
Posts: 8004
Location: Bellevue, IA

PostPosted: Wed Jan 19, 2011 5:02 am    Post subject:
Reply with quote

Quote:
but here, PCI requirements got different explanations, depends on whom you ask.
Not according to http://www.pcisecuritystandards.org they don't. I got pulled into some PCI compliance things a while back and learned to read the official PCI documentation. If you're dealing with PCI issues, you need to learn what the documentation tells you as well. Don't rely on what people tell you -- sometimes interpretations may not be accurate, or be in conflict (as apparently you've found out).

Short answer: card number and CVV (for one) cannot be stored clear text anywhere. This includes disk, tape, backups, VSAM files, servers, you name it. I was working with PCI DSS 1.1 so I'm not sure how much it has changed with the latest standard (probably not a lot in this area), but PCI compliance for 1.1 did not permit storage of the CVV after authentication was done -- period. Encryption did not matter; the CVV was not allowed to be stored at all.
Back to top
View user's profile Send private message
haimzeevi

New User


Joined: 01 Mar 2010
Posts: 27
Location: Israel

PostPosted: Wed Jan 19, 2011 3:28 pm    Post subject: Reply to: PCI#DSS issues
Reply with quote

Thanks for both answer & PCI link.
The answer was "loud & clear"....
Haim Zeevi
Back to top
View user's profile Send private message
Robert Sample

Global Moderator


Joined: 06 Jun 2008
Posts: 8004
Location: Bellevue, IA

PostPosted: Wed Jan 19, 2011 3:54 pm    Post subject:
Reply with quote

Glad to hear it helped! icon_smile.gif
Back to top
View user's profile Send private message
View previous topic :: :: View next topic  
Post new topic   Reply to topic    IBMMAINFRAMES.com Support Forums -> All Other Mainframe Topics All times are GMT + 6 Hours
Page 1 of 1

 

Search our Forum:

Similar Topics
Topic Author Forum Replies Posted
No new posts ODPP(Optim Data privacy Provider) Iss... Rama kishore IBM Tools 1 Mon Nov 07, 2016 5:46 pm
No new posts Faccing issues while creating a GDG V... sravindra_s JCL & VSAM 5 Thu Jun 23, 2016 11:26 am
No new posts issues with memory in programs with c... sivakumar.karthik CICS 4 Thu Aug 13, 2015 8:56 pm
No new posts issues while creating new member in a... sagar.ssmane TSO/ISPF 1 Thu Apr 30, 2015 1:35 pm
No new posts Cursor related Issues sivareddy123 DB2 2 Fri Jan 30, 2015 4:01 pm


Facebook
Back to Top
 
Mainframe Wiki | Forum Rules | Bookmarks | Subscriptions | FAQ | Tutorials | Contact Us