Oracle E-Business Suite, PCI Compliance and External vs Internal Accounts
To help understand the Oracle E-Business Suite’s standard functionality to help meet PCI compliance, it is useful to know the difference between what Oracle deems as external and internal accounts.
Oracle defines “external accounts” as those accounts belonging to customers, suppliers, vendors, students, and external third parties. These are the credit cards and bank account numbers customers and vendors use to conduct business with a company. Oracle defines “internal accounts” as those accounts a company uses internally such as bank accounts defined within Accounts Payable or employee bank accounts defined within Oracle HR/Payroll for direct deposit.
While it is highly recommended by Integrigy Corporation to appropriately protect the security of both external as well as internal accounts, PCI compliance requirements apply to only external accounts.
For further information on PCI compliance and the E-Business Suite please refer to our whitepaper in the link below.
In the next blog posting we will review the Oracle E-Business Suite’s Secure Payments Repository and how it is used to help meet PCI compliance.
If you have questions, please contact us at firstname.lastname@example.org
-Michael Miller, CISSP