PCI DSS Compliant?
I was told by my local vendor that Symantec DLP is a PCI compliant application. Can anyone send me some more details in this regard, such as:
- If the database is encrypted, how are the keys maintained?
- How is the credit card number stored in the database? Is it stored as full PAN or truncated?
When we do a discovery, chances are the DLP will find a lot of credit card numbers from various sources, so our concern is how these card numbers will be dealt with in the system. If someone from Symantec can answer the simple queries mentioned below:
- Does the system receive full card numbers (Y/N)?
- Does the system send full card numbers (Y/N)?
- Does the system store full card numbers (Y/N)?
- Does the system display full card numbers (Y/N)?
- Does the system process full card numbers (Y/N)?
All of the above is very important as it will help us decide whether or not to deploy our standard PCI DSS controls on the DLP Oracle database.