PCI DSS Compliance Questions Answered

Answers to the most commonly asked questions pertaining to Payment Card Industry Data Security Standard (PCI DSS) compliance

DISCLAIMER: The following answers pertain to a webstore built with default Zen Cart code without any customizations, using only built-in features/modules/capabilities, in the default configuration.
Any customizations you do to your store render these statements incomplete and require that you answer these questions yourself.

  • Question 6.2 Is the software and application development process based on an industry best practice and is information security included throughout the software development life cycle (SDLC) process?
    Yes
  • Question 6.5 Were the guidelines commonly accepted by the security community (such as Open Web Application Security Project group (www.owasp.org)) taken into account in the development of Web applications?
    Yes
  • Question 6.6 When authenticating over the Internet, is the application designed to prevent malicious users from trying to determine existing user accounts?
    Yes
  • Question 6.7 Is sensitive cardholder data stored in cookies secured or encrypted?
    Cookies are not used to store Cardholder data.
  • Question 6.8 Are controls implemented on the server side to prevent SQL injection and other bypassing of client-side input controls?
    Yes
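Question 6.8 turns on a distinction that is worth seeing in code: browser-side checks (HTML attributes, JavaScript validators) are a convenience that any client can skip, so the server must re-validate every field and pass user values to the database as bound parameters rather than splicing them into SQL text. The block below is an added illustration of those two controls and is not Zen Cart code (Zen Cart is written in PHP; Python with the standard sqlite3 module is used here so the example runs stand-alone). The `products` table, its rows and the form field names are constructed for the demonstration.

```python
"""Server-side input controls: re-validate every field, bind every value.
Added illustration, not part of Zen Cart.  The catalogue table and form
field names are constructed for this example."""
import re
import sqlite3


def open_demo_db() -> sqlite3.Connection:
    """Constructed sample catalogue: two products, one withdrawn from sale."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (products_id INTEGER PRIMARY KEY, "
        "products_name TEXT, products_status INTEGER)"
    )
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [(1, "Sample widget", 1), (2, "Withdrawn widget", 0)],
    )
    return conn


def validate_product_id(raw) -> int:
    """Server-side check: a positive integer, whatever the form promised.
    Anything else is rejected before it reaches the database layer."""
    if not isinstance(raw, str) or not re.fullmatch(r"[1-9][0-9]{0,9}", raw):
        raise ValueError("invalid product id")
    return int(raw)


def validate_quantity(raw, max_qty: int = 99) -> int:
    """Quantity must be an integer in 1..max_qty.  A client-side 'max'
    attribute is advisory only; the enforced limit lives here."""
    if not isinstance(raw, str) or not re.fullmatch(r"[0-9]{1,3}", raw):
        raise ValueError("invalid quantity")
    qty = int(raw)
    if not 1 <= qty <= max_qty:
        raise ValueError("quantity out of range")
    return qty


def lookup_active_product(conn, raw_product_id):
    """Validate, then query with a bound parameter.  The value travels to the
    driver as data, so it can never be interpreted as SQL syntax."""
    product_id = validate_product_id(raw_product_id)
    return conn.execute(
        "SELECT products_id, products_name FROM products "
        "WHERE products_id = ? AND products_status = 1",
        (product_id,),
    ).fetchone()  # None when the product is missing or not active


def search_products(conn, raw_term, max_len: int = 64):
    """Free-text field: it cannot be restricted to digits, so the bound
    parameter is the control.  Length is capped and LIKE metacharacters are
    escaped so the term matches literally."""
    if not isinstance(raw_term, str) or not 1 <= len(raw_term) <= max_len:
        raise ValueError("invalid search term")
    escaped = (raw_term.replace("\\", "\\\\")
                       .replace("%", "\\%")
                       .replace("_", "\\_"))
    rows = conn.execute(
        "SELECT products_id FROM products "
        "WHERE products_name LIKE ? ESCAPE '\\' AND products_status = 1",
        ("%" + escaped + "%",),
    ).fetchall()
    return [r[0] for r in rows]


def add_to_cart(conn, form: dict) -> dict:
    """Cart handler: every field re-validated on the server; failures come
    back as a structured result instead of an exception."""
    try:
        product = lookup_active_product(conn, form.get("products_id"))
        qty = validate_quantity(form.get("cart_quantity"))
    except ValueError as exc:
        return {"ok": False, "error": str(exc)}
    if product is None:
        return {"ok": False, "error": "product unavailable"}
    return {"ok": True, "products_id": product[0], "name": product[1], "qty": qty}


if __name__ == "__main__":
    db = open_demo_db()
    print(add_to_cart(db, {"products_id": "1", "cart_quantity": "2"}))
    print(add_to_cart(db, {"products_id": "1 OR 1=1", "cart_quantity": "1"}))
    print(search_products(db, "widget"))
```

The two layers are deliberate: the allow-list validators stop malformed values early and give the caller a useful error, while the bound parameters guarantee that even a free-text field the validator cannot pin down (the search term) is never parsed as SQL. Removing either layer weakens the control; the parameter binding is the one that answers question 6.8.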

© 2003-2012 PRO-Webs, Inc. Woodbine, GA 31569-2051