PgConf.Russia 2015 conference talk archive

PostgreSQL is suitable for handling payment cards under PCI standards

Denish Patel

Lead Database Architect, OmniTI

In an attempt to protect their credit card holders from identity theft, VISA and MasterCard have collaborated with American Express, Discover and JCB to develop the Payment Card Industry Data Security Standard, otherwise known as PCI DSS. PCI DSS is an industry regulation designed to mitigate risks to the integrity and confidentiality of payment card data. If a company stores customers’ credit card data, it is obliged to follow PCI compliance guidelines. PCI regularly releases new guidelines to protect consumers’ data; in Nov 2013, PCI released the PCI DSS V 3.0 standard procedures.

In the talk, I’m going to discuss guidelines and requirements from PCI DSS V 3.0 and how Postgres’s powerful security features help to address the following PCI compliance requirements by protecting data and controlling:

  • Build and Maintain a Secure Network and Systems
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks
  • Maintain an Information Security Policy