Oracle Applications 11i: Credit Cards and PCI Compliance Issues

Oracle-PCI - 12/2008
27 pages | English | PDF | 0.5MB

All Oracle Applications implementations that "store, process, or transmit cardholder data" must comply with Payment Card Industry (PCI) Data Security Standard 1.1 regardless of size or transaction volume. The PCI Data Security Standard (DSS) 1.1 is a set of stringent security requirements for networks, network devices, servers, and applications. The standard details specific requirements in terms of security configuration and policies and all the requirements are mandatory. PCI DSS is focused on securely handling cardholder data, but also has a significant emphasis on general IT security. The difficultly with Oracle Applications and achieving PCI compliance is that even though credit card processing may be only a one minor feature of the application, the entire application installation must be fully PCI DSS compliant due to the tight-integration and data model of Oracle Applications. In a large global implementation that includes financials, manufacturing, and human resources, PCI compliance can be a daunting endeavor and will impact operations and management of the non-card processing modules. This paper will review the credit card processing features of Oracle Applications and will provide general guidance for Oracle Applications implementations on complying with relevant PCI DSS requirements.