Point PA-DSS
Implementation Guide
Version 1.7
Confid: Public
Contents
1 Revision history
2 Introduction
3 Document use
  3.1 Important notes
4 Summary of requirements
  4.1 Do not retain full magnetic stripe, card verification code or value (CAV2, CID, CVC2, CVV2), or PIN block data
  4.2 Protect stored cardholder data
  4.3 Provide secure authentication features
  4.4 Log payment application activity
  4.5 Develop secure payment applications
  4.6 Protect wireless transmissions
  4.7 Facilitate secure network implementation
  4.8 Cardholder data must never be stored on a server connected to the Internet
  4.9 Facilitate secure remote access to payment application
  4.10 Encrypt sensitive traffic over public networks
  4.11 Encrypt all non-console administrative access
5 Point application key management
6 Implementation Guide reviews and updates
7 Terminology
8 References
Point Transaction Systems Oy | Vanha Nurmijärventie 62 | FI-01670 VANTAA | www.point.fi