Anyone doing PCI with CMOD?

[Bud Paton]

Has anyone created a PCI compliant system with CMOD? Thanks

[Justin Derrick]

Hi Bud.

I'll answer your question with a question -- I've heard 'PCI' compliance mentioned for probably 5 to 7 years now, but I've never received a decent explanation of what it entails.

Does anyone have a reference to the specifications for PCI compliance?  Are they public?

-JD.

[Bud Paton]

Sorry I should have explained PCI Compliance:
Q: What is PCI?
A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.  Essentially any merchant that has a Merchant ID (MID).
The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards with focus on improving payment account security throughout the transaction process.  The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB.).
It is important to note, the payment brands and acquirers are responsible for enforcing compliance, not the PCI council.
A copy of the PCI DSS is available here.

[Steve Bechtolt]

We have been working with several of our clients moving towards PCI compliance.  Some steps taken to date include utilizing the User Preview Exit to mask credit card numbers for data that is already loaded into CMOD.  We have also implemented a 3rd-party data encryption solution to encrypt the file systems for all of the CMOD directories: arsdb, cache, etc. This also includes encrypting disk storage pools defined in TSM.