All Oracle E-Business Suite implementations that "store, process, or transmit cardholder data" must comply with Payment Card Industry (PCI) Data Security Standard 3.0 regardless of size or transaction volume. The PCI Data Security Standard (DSS) 3.0 is a set of stringent security requirements for networks, network devices, servers, and applications. The difficultly with Oracle E-Business Suite and achieving PCI compliance is that even though credit card processing may be only a one minor feature of the application, the entire application installation must be fully PCI DSS compliant due to the tight-integration and data model of Oracle E-Business Suite. This paper reviews the credit card processing features of Oracle E-Business Suite and provides general guidance for Oracle E-Business Suite implementations on complying with relevant PCI DSS requirements.

Tags: 
Encryption, Sensitive Data, PCI, Reference, Oracle E-Business Suite, Auditor, DBA, IT Security, Whitepaper