Oracle Applications 11i: Credit Cards and PCI Compliance Issues

All Oracle Applications implementations that "store, process, or transmit cardholder data" must comply with Payment Card Industry (PCI) Data Security Standard 1.1 regardless of size or transaction volume. The PCI Data Security Standard (DSS) 1.1 is a set of stringent security requirements for networks, network devices, servers, and applications. The difficultly with Oracle Applications and achieving PCI compliance is that even though credit card processing may be only a one minor feature of the application, the entire application installation must be fully PCI DSS compliant due to the tight-integration and data model of Oracle Applications. This paper reviews the credit card processing features of Oracle Applications and provides general guidance for Oracle Applications implementations on complying with relevant PCI DSS requirements.

Click here to get the file