PCI Compliant Troubleshooting

PCI compliance, while not required of merchants, is expected of all support providers working with a ShopSite merchant with regards to accessing a merchant's store. The following PCI Compliant Troubleshooting guidelines should be adhered to:

  1. Obtain the minimal access necessary to troubleshoot the problem. For example, back office (merchant interface) access is typically the first step and the above access guidelines need to be followed. If back office access is not enough, then SSH or SFTP access may be necessary.

    When obtaining login/access information from a merchant:
    1. A unique login/user and password should be assigned to your support team by the merchant. If the merchant temporarily changes the login passwords for your access, they should be strong passwords, and should be changed again after your support team is finished.
    2. The password provided by the merchant must be at least 7 characters long.
    3. The password provided by the merchant must contain both alpha and numeric characters.

  2. Obtain the merchant's database and/or other data files only as necessary to troubleshoot in a test environment. This means that you should only collect sensitive authentication information when it is needed to solve a specific problem. Even then, the amount of data collected should be small. This small amount of data should be securely stored in specific known locations with limited access.

    When obtaining merchant's data files that 'may' contain payment information, the following steps are to be followed:
    1. Log a work order in the appropriate CRM.
    2. Since the shopsite_db 'may' contain credit card data, as it is copied/moved/ftp’d to any internal test/development machines, any copies that are no longer needed on an internal machine (e.g. the original ftp server) need to be securely erased (e.g. using srm on Linux or Eraser on Windows.)
    3. Unless the DB table for orders and customer registration are necessary for troubleshooting, or the DB is corrupted, those records should be deleted using the back office interface which will ensure any payment information is overwritten.
    4. Any engineer (or other person) that receives access to the shopsite_db needs to be noted in the work order.
    5. When the work order is resolved and then verified by QA, QA needs to check with all people that received access to the shopSite_db to confirm that it has been securely removed from any and all test/development machines before verifying the work order as complete.