pci-compliance

I have an app that uses Parse as its backend, and has Stripe integration. On Parse, I store a Stripe customer id on my User class, and I have a custom class that has a charge token associated with it, so that a customer can create a service request, and when a provider accepts and fulfills that request, they can have the charge be sent to their recipient id. A user could cancel the service request, or a provider could show up to the user's property and find that the property is unserviceable for various reasons. In this event, we have a cancellation fee that the users are charged. I want to

In our logs we're seeing credit-card numbers due to people hitting some of the ULRs in our app with CC info (I have no idea why they are doing this). We want to sanitize this information (because of PCI considerations) and not even persist it to disk. Hence, I want to be able to sanitize the log entry before it hits the log file. I've been looking at Tomcat Valves (Access Log Valve). Is this the way to go? I was able to solve this problem by extending AccessLogValve and overriding public log(java.lang.String message) : public class SanitizedAccessLogValve extends AccessLogValve { private

Because most of the tools to discover credit card data in file systems does no more that list the suspicious files, tools are needed to mask any data in files that must be retained. For excel files, where loads of credit card data may exist, I figure a macro that detects credit card data in the selected column/row using regex and replaces the middle 6-8 digits with Xs would be useful to many. Sadly, I'm not a guru in the regex macro space. The below basically works with regex for 3 card brands only, and works if the PAN is in a cell with other data (e.g. comments fields) The below code works,

I am writing a point of sale application for a client who has some very specific needs. The client is a retail store, so when they process credit cards, they have a physical card present and can swipe it. The way it is now, at the end of check out, it presents the cashier with a total, and the cashier keys the total into a credit card terminal (by hand--it is not connected to the computer), swipes the card at the terminal and then when the payment is processed, the cashier presses the "Paid by Credit Card" and it prints a receipt. The problem is that hand keying in totals is time consuming and