PCI Compliance manager sends me a test every year I have to pass to remain compliant with credit card processing good practices. This year they have a new question asking if we "settle a batch" at the end of the night to process our nightly credit cards. Because I said yes, they say we're not compliant because numbers are therefore stored on our hard drive which is hackable.
I'm told by my processor this has to do with the number of ports available on my router. The note I have from PCI Compliance says to wit: "having remote access software present can lead to information disclosure or potential exploit. Due to increased risk to the cardholder data environment, please 1) justify the business need for this configuration to the ASV, or 2) confirm that it is disabled."
Other notes that are a completely foreign language to me are:
Domain/IP | PCI issue | Declaration | Comment
75.***.**.*** | Insecure Services/industry-deprecated protocols: 50001 / tcp / www | No | -
75.***.**.*** | Insecure Services/industry-deprecated protocols: 6319 / tcp / www | No | -
I'm going to lie and say that we don't settle a batch at the end of the night, but I'm interested if this is a problem anywhere else, a new problem, or I'm just answering questions wrongly.