PCI Resources Volume 4 Hypothetical Case Studies (PCI DSS 3.2 edition): From Jane's Flower Attic to Jane's Flower Emporium by Yves B. Desharnais

Author: Yves B. Desharnais [Desharnais, Yves B.]
Language: eng
Format: azw3
ISBN: 9780994837479
Publisher: 8850895 CANADA INC.
Published: 2017-07-12T04:00:00+00:00


Volume 4 Figure 7 – JFE Network and Telephony Diagram

The order page in the CRM's version of the POS system has a separate tab for entering card information. When the CSR opens this tab, the call recording is automatically paused so that card data is never captured in the recordings. JFE initially relied on CSRs pausing recordings manually, but switched to automation after compliance with that instruction proved too low. Because the stored recordings contain no card data, they are not subject to the storage requirements of 3.2.* (no sensitive authentication data retained after authorization) and 3.4 (PAN rendered unreadable wherever it is stored); the telephony and recording systems nonetheless remain in scope, since card data is still spoken over, and therefore transmitted through, those calls. An assessor will still expect evidence that the pause fires reliably, for example by sampling recordings of orders taken by phone.

4.5.6 eCommerce

eCommerce also falls under the COO's purview, with IT sharing responsibility. The website, including the payment portion, is developed by IT Applications (which includes the web development team) and maintained by IT Operations, but it is managed by several of the COO's groups: Marketing owns design and content, while Procurement, Logistics and Store Management each have their roles. CSRs also interact with the eCommerce system when handling issues with online orders.

Since JFE wanted a seamless user experience, they opted for a server-side API integration with PAYPRO, the payment processor, rather than handing the customer off to a processor-hosted payment page. This means the web server performing these calls becomes a CDE system: it receives cardholder data from the customer's browser and then transmits it to PAYPRO. To simplify PCI DSS compliance, JFE moved the eCommerce portion to a separate subdomain (store.jfe) from the regular website (www.jfe), so that the payment flow can be segmented from the marketing site. Cardholder data is not stored by design, although inadvertent storage can occur through caching, application logs or error dumps and must be checked for. Orders are entered into the ERP system through an API, but only the transaction numbers returned by PAYPRO are stored (no CHD).
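The "not stored, though caching could occur" caveat is where server-side integrations most often fail an assessment, so the following is an added illustration, written for this page and taken neither from the book nor from PAYPRO's real API, of the flow JFE describes with a check behind it. FakePayPro, the field names and the sample card number are assumptions. The naive handler shows how a web server that should only transmit CHD quietly becomes a storage point through its log and its ERP record; the hardened handler persists only PAYPRO's transaction id and the last four digits; audit() then scans everything that was persisted for Luhn-valid PANs, which is the kind of evidence an assessor asks for when told "we do not store card data".

```python
"""Added example (not from the book): toy model of JFE's server-side card flow
plus a scan for PANs that leaked into persisted data. FakePayPro, the field
names and the sample card are assumptions made for this illustration."""
import json
import re
from typing import Dict, List

# Constructed test input: a Luhn-valid test PAN, not a real account.
SAMPLE_CARD = {"pan": "4111 1111 1111 1111", "expiry": "12/27", "cvv": "123"}
SAMPLE_ORDER = {"order_id": "A1001", "amount_cents": 12999}

# 13-19 digits, optionally separated by single spaces or dashes, and not
# embedded in a longer run of digits.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum over a string of ASCII digits (filters out order numbers
    and timestamps that merely look like card numbers)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> List[str]:
    """Return every Luhn-valid, card-number-shaped token in text, digits only.
    One entry per occurrence, so the count tells you how many storage points
    the PAN reached."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            hits.append(digits)
    return hits


class FakePayPro:
    """Stand-in for the PAYPRO authorization API (assumed interface)."""

    def __init__(self) -> None:
        self._n = 0

    def authorize(self, pan: str, expiry: str, cvv: str, amount_cents: int) -> Dict[str, str]:
        self._n += 1
        return {"transaction_id": f"PP-{self._n:06d}", "status": "approved"}


def place_order_naive(order: dict, card: dict, processor: FakePayPro, log: List[str]) -> dict:
    """The mistake: the whole request (PAN, expiry, CVV) is written to the
    application log, and the card is copied into the ERP record. A server
    that was only meant to transmit CHD is now storing CHD and SAD."""
    log.append("authorize request: " + json.dumps({"order": order, "card": card}))
    resp = processor.authorize(card["pan"], card["expiry"], card["cvv"], order["amount_cents"])
    return {**order, "txn": resp["transaction_id"], "card": card}


def place_order_hardened(order: dict, card: dict, processor: FakePayPro, log: List[str]) -> dict:
    """Card data is used once for the processor call and never serialised:
    the log gets a masked last four, the ERP record only PAYPRO's id."""
    log.append(
        f"authorize request: order={order['order_id']} "
        f"amount={order['amount_cents']} pan=****{card['pan'][-4:]}"
    )
    resp = processor.authorize(card["pan"], card["expiry"], card["cvv"], order["amount_cents"])
    return {**order, "txn": resp["transaction_id"], "last4": card["pan"][-4:]}


def audit(records: List[dict], log: List[str]) -> List[str]:
    """Scan what was actually persisted (here the ERP records and the log; in
    a real deployment also caches, request bodies and core dumps) for PANs.
    Pattern matching finds PANs only: a three-digit CVV needs a key-based
    check, which is why the hardened path never serialises the card object."""
    return find_pans(json.dumps(records) + "\n" + "\n".join(log))


def demo(handler) -> List[str]:
    """Run one constructed order through handler and return the PANs found."""
    log: List[str] = []
    records = [handler(SAMPLE_ORDER, SAMPLE_CARD, FakePayPro(), log)]
    return audit(records, log)


if __name__ == "__main__":
    print("naive   :", demo(place_order_naive))     # two hits: log and ERP record
    print("hardened:", demo(place_order_hardened))  # []
```

Run stand-alone, the naive path reports the test PAN twice (once from the log line, once from the ERP record) and the hardened path reports nothing. The same scan, pointed at log archives, cache directories and database exports, is a cheap way to back the claim that a transmit-only web server in the CDE has not drifted into storing CHD.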


