On Tue, Mar 08, 2011 at 03:05:11PM -0500, John BORIS spake thusly:
> At work here we are putting together an Online Payment system. I am
> searching for information/best practices/guidelines on secure ways to
> allow users to create accounts on a system. Most of us have paid bills

You will want to be very familiar with PA DSS (which covers coding your payment application) and PCI DSS:

https://www.pcisecuritystandards.org/security_standards/documents.php?association=PA-DSS

If you aren't going to be selling/widely distributing your payment application, you are not technically required to be PA DSS compliant, but it is definitely a good idea. And PCI DSS is required by your bank/acquirer to process transactions.

> online and each has their own way of setting up the account. What I
> need is a security professional that I can bounce my plan off of and
> they will say yea or nay, or some pointer to a best practices paper that
> states suggested ways to do this. I tried one company that does security
> scans but this is not in their wheelhouse. I can talk off list about
> this if need be.

I specialize in PCI DSS (less so PA DSS, although I am conversant). But those documents I linked to above most likely cover everything you need to be aware of. They tend to be rather comprehensive.

-- 
Tracy Reed
_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
