Directory - Research last updated 10/2009
Search Results
Will have virtualization in card systems in 2008
Right now, we're not running VMware in credit card environment. We're planning to do it by end of year.
many virtualized servers, but none in cardholder enviro...
We have many virtualized servers, but we don't have them in the cardholder right now. We may deploy some this year.
Virtualization is not contrary to PCI
If an assessor told me that Virtualization was contrary to PCI requirements, I would take up that fight. I don't read 2.2.1 as prohibiting server virtualization.
Level 4 merchants moving to virtual terminal POS
LEVEL 4 MERCHANTS MOVING TO VIRTUAL TERMINAL POS: Our Level 4 independent retailers barely know what PCI means. They bought their POSs through one of our vendor partners. Some have separate payment terminals. In either case, they were not happy when t ...
Tokenization is cheaper than outsourcing
TOKENIZATION IS CHEAPER THAN OUTSOURCING: We're looking at tokenization rather than outsourcing, because we cannot replace our POS with a Virtual POS, even though it might be cheaper to manage long term. I know that this won't address PA-DSS compliance ...
Virtualized server issues
We are deploying more virtualized servers in 2008. We will be deploying them in the cardhold environment, because that's most of our company. I know security is an issue, and we need to have a policy and procedures on how we will secure these virtualize ...
Virtualized server issues
SERVER VIRTUALIZATION CAN BE SECURED TO PASS PCI 2.2.1: Server virtualization is an approach that allows the merchant to maintain more control over the application than just tracking a transaction reference number.
Virtualization brings entire box into scope
People try to argue that a virtual server should be treated as separate servers. But that's not what the standard says. Where you have one server, and the server has several virtual DB servers, the entire box is in scope. You need to be sure that the r ...
Proving our tokenization system is secure
LPAR SEGMENTATION: Where tokenization and virtualization meet is that we keep our tokenization application on the same LPAR (logical partition) as our Warehousing application. So, our assessor told us our Warehousing application was not in scope, and it ...
Using virtual POS will make our POS solution last longe...
USING TO VPOS WITH MAKE OUR POS SYSTEMS LAST LONGER: We are learning that virtual terminal POS, or VPOS will enable us to centrally manage POS compliance and reduce the upgrade costs. Also, when PA-DSS comes out and our POS vendors have to spend money to ...
Moving to POS virtual terminals
MOVIING TO VIRTUAL TERMINAL POS: For 2009, our plan for our next POS is to 'dumb it down.' We plan to deploy virtual terminals that are browser based and not capable of storing any data. That, for us is an alternative to tokenization or outsourcing. Wh ...
Virtualization with VMWare
We do have VMWare running in our staging areas. We use it for integration, but we don't have it on our production servers. We're not sure if it's PCI compliant.
Switch from POS devices to virtual terminals
GETTING RID OF POS DEVICES: We are looking to use virtual terminal devices to get rid of the POS devices. This will allow us to use SAQ A and, more important, greatly reduce our risk of data compromise at the store level.
Server virtualization security tools and issues
GROWING INTEREST IN SERVER VIRTUALIZATION, AND CAUTION: We have seen a lot of interest among clients in server virtualization. IT is thrilled about it. But because they know there will be PCI implications, they are cautious about implementing virtualiza ...
SAP limitations in key rotation
SAP HAS LIMITATIONS IN MEETING 3.6 IN PCI: One of the problems of trying to get an SAP application to be PCI compliant is that the native encryption in SAP is limited. For example, we're run into several situations where the merchant cannot rotate the e ...
Assessors still learning about virtualization
We're hearing more and more about virtual servers and security. This will be a huge huge issue. Generally, we don't have a handle on where all the risks are. My tech guys assure me there are not additional risks from virtualization, just a more complic ...
Virtualization OK by Trustwave
We have virtualized quite a lot of servers here. We used to have 5 servers per store. Now, with virtualization, we have 2 servers running 5 instances, non ESS. Our position is that the PCI 2.2.1 requirement is not specific to hardware, and can be read ...
Heavy use of server virtualization
We are pretty heavy virtualized in terms of our server environment. Really leading edge. If an assessor told us that would make us non-compliant, that would be a real problem for us.
Virtual servers don't really save money
One caution on virtulized servers I want to pass on: The cost savings pitch is a trap. You have to have at least 25 servers before you save any money. However, the management advantage is real, and that's why we're deploying the virtualized servers. R ...
what is 'primary function' of a retail store server - p...
When trying to understand virtualization in retail, for example - in each of our stores, we have one server. So, what is the primary function of that server under PCI 2.2.1? Running the store? Visa or the PCI SSC needs to make a public announcement cla ...
![[Valid RSS]](/valid-rss.png "RSS feed")