Achieve PCI Compliance with PostgreSQL

Talk Type: 45 Minute Talk
Technical Level:

In an attempt to protect its cardholders from identity theft, VISA introduced its Cardholder Information Security Program (CISP) in June 2001. The program was intended to safeguard personally identifiable information (PII). It applied to merchants, service providers, and payment channels that maintained, collected or transmitted VISA account holder data. Other credit card companies, most notably MasterCard, followed VISA's lead and introduced similar standards. Since that time VISA and MasterCard have collaborated with American Express, Discover and JCB to develop the Payment Card Industry Data Security Standard, otherwise known as PCI-DSS. The Payment Card Industry (PCI) Data Security Standard (DSS) was developed to encourage and enhance cardholder data security.

In the talk, I will discuss how to meet the following PCI DSS v1.2 requirements. PostgreSQL's database security features provide data protection and access control mechanisms that address these PCI-DSS 1.2 requirements:

Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures:
Requirement 7: Restrict access to cardholder data by business need to know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Requirement 12: Maintain a policy that addresses information security for employees and contractors

I will talk about how we can fulfill these requirements in PostgreSQL, with some examples.
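As an added example, not taken from the talk or its slides, the following SQL shows one way to map several of the requirements listed above onto standard PostgreSQL features: a non-default superuser password (Requirement 2), encrypted storage of the PAN with pgcrypto and no CVV column (Requirement 3), per-person login roles grouped under NOLOGIN roles (Requirement 8), and need-to-know access through a masked view and a SECURITY DEFINER function (Requirement 7). The table, role names, passwords and the way the encryption key is supplied are hypothetical placeholders; the pg_hba.conf and postgresql.conf settings for Requirements 4 and 10 are shown as comments because they are configured outside SQL.

```sql
-- Added example, not from the talk: the schema, roles, passwords and key
-- handling below are hypothetical placeholders.

-- Requirement 2: no vendor defaults. The bootstrap superuser is "postgres";
-- give it a non-default password and never use it for the application.
ALTER ROLE postgres WITH PASSWORD 'CHANGE-ME-superuser-placeholder';

-- Requirement 8: one login per person, no shared accounts. Privileges are
-- granted to NOLOGIN group roles, and people/applications are made members.
CREATE ROLE card_readers NOLOGIN;
CREATE ROLE card_writers NOLOGIN;
CREATE ROLE alice        LOGIN PASSWORD 'CHANGE-ME-alice' IN ROLE card_readers;
CREATE ROLE app_checkout LOGIN PASSWORD 'CHANGE-ME-app'   IN ROLE card_writers;

-- Requirement 3: protect stored cardholder data. Store only what is needed,
-- keep the full PAN encrypted (pgcrypto) and a last-4 fragment for display.
CREATE EXTENSION IF NOT EXISTS pgcrypto;   -- PostgreSQL 9.1+; older releases load contrib/pgcrypto.sql
CREATE TABLE cardholder (
    id          serial PRIMARY KEY,
    holder_name text    NOT NULL,
    pan_last4   char(4) NOT NULL,          -- permitted to be displayed
    pan_enc     bytea   NOT NULL,          -- full PAN, symmetric-key encrypted
    expiry      date    NOT NULL
    -- deliberately no CVV2/CVC2 column: it must not be stored after authorization
);

-- Requirement 7: need to know. Nobody gets the base table; readers see a view
-- that never exposes the ciphertext, writers insert through a function.
REVOKE ALL ON cardholder FROM PUBLIC;

CREATE VIEW cardholder_masked AS
    SELECT id, holder_name, '************' || pan_last4 AS pan_display, expiry
      FROM cardholder;
GRANT SELECT ON cardholder_masked TO card_readers;

-- The key is passed in per call here only to keep the example self-contained;
-- real key management (Requirement 3.5/3.6) belongs outside the database.
CREATE FUNCTION store_card(p_name text, p_pan text, p_expiry date, p_key text)
RETURNS integer AS $$
    INSERT INTO cardholder (holder_name, pan_last4, pan_enc, expiry)
    VALUES (p_name, right(p_pan, 4), pgp_sym_encrypt(p_pan, p_key), p_expiry)
    RETURNING id;
$$ LANGUAGE sql SECURITY DEFINER;
GRANT EXECUTE ON FUNCTION store_card(text, text, date, text) TO card_writers;

-- Requirement 4 (set in pg_hba.conf / postgresql.conf, not SQL):
--   postgresql.conf:  ssl = on
--   pg_hba.conf:      hostssl  carddb  all  10.0.0.0/24  md5   -- TLS-only, from the app subnet (constructed CIDR)
--   plus no "host" (plaintext) line for that database.
--
-- Requirement 10 (postgresql.conf):
--   log_connections = on
--   log_disconnections = on
--   log_statement = 'mod'      -- record every INSERT/UPDATE/DELETE/DDL
--   log_line_prefix = '%t %u@%d %r '   -- timestamp, user, database, client
```

Running this as a superuser creates the roles and objects; afterwards `alice` can `SELECT * FROM cardholder_masked` but not read `cardholder`, and `app_checkout` can only call `store_card(...)`. Column-level `GRANT SELECT (holder_name, pan_last4) ON cardholder` (PostgreSQL 8.4+) is an alternative to the view when a reader role legitimately needs the base table.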

Slides: Achieving_PCI_Compliace.pdf (1.87 MB)