[google-appengine] Re: PCI compliance

[Shaharia Azam]

James,
>From my experience, if you are answering some ready-made questionnaire from 
your PCI compliance certification body, I know that's little bit confusing.

But I would suggest, you reach to that certification body's support 
executive and tell them about your APP. Because most of the PCI compliance 
vendor are very much familiar with those two resources Jordan just shared 
with you and they will make things easier for you to get passed.

Thanks,
Shaharia




On Tuesday, February 6, 2018 at 4:10:26 AM UTC+6, James Hunter wrote:
>
> We are trying to get our Google App Engine application through PCI 
> compliance.  They PCI certifier has 2 questions about use of load balancers 
> that I'm not able to answer.  Could anyone help me with this?
>
> 1.  Is the infrastructure behind the load balancer synchronized?
> 2.  Can we confirm passing internal scans of the infrastructure housing 
> the website(s).
>
> I'm sure google does internal scans of their infrastructure, but does 
> anyone know where there's documentation that I can use for PCI compliance 
> justification?  Also, does anyone know what synchronized means in terms of 
> load balancers and is the Google App Engine infrastructure synchronized?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-appengine+unsubscr...@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.
Visit this group at https://groups.google.com/group/google-appengine.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/google-appengine/e0a95a2a-3bea-4abd-ae84-9354487b3042%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[google-appengine] Re: PCI compliance

['Jordan (Cloud Platform Support)' via Google App Engine]

All information about Google Cloud's PCI compliance can be found within the 
Security 
and Compliance documentations 
. Note that Google 
Cloud products and services are PCI compliant (e.g App Engine), but your 
own use of these services should also be of compliance as per the Customer 
Responsibility slides 
 
and the Creating a PCI Compliant Environment documentation. 
 

- It is therefore recommended to refer your certifier to the above 
documentations, and to work with them in clarifying your question on how to 
make your own environment compliant.  


-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-appengine+unsubscr...@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.
Visit this group at https://groups.google.com/group/google-appengine.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/google-appengine/2a4a6059-e1ed-45e7-90f7-90f2d93dad98%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[google-appengine] Re: PCI compliance for transmitting cardholder data?

[D X]

Hm... I thought I posted a reply but I don't see it.

I asked this at a GAE Hangout once, the answer was no.

You can't store payment info on GAE.
You can implement ecommerce sites if you use a PCI payment gateway like 
stripe or paypal.



On Tuesday, September 25, 2012 2:57:29 PM UTC-4, Jairo Vasquez wrote:
>
> Any answer from GAE team here?
>
> Thanks
>
> On Monday, July 13, 2009 1:02:06 PM UTC-3, Tony wrote:
>>
>> Has anyone attempted to achieve PCI compliance for an App Engine app 
>> that transmits (without storing) cardholder data (e.g., Paypal's 
>> "Payments Pro" version)?  I was just curious if anyone has had their 
>> app scanned and passed, or if off-site payment processing (e.g. Google 
>> Checkout) is the only option for e-commerce on App Engine.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-appengine/-/ZWWRv1nAdGUJ.
To post to this group, send email to google-appengine@googlegroups.com.
To unsubscribe from this group, send email to 
google-appengine+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-appengine?hl=en.

[google-appengine] Re: PCI compliance for transmitting cardholder data?

[Jairo Vasquez]

Any answer from GAE team here?

Thanks

On Monday, July 13, 2009 1:02:06 PM UTC-3, Tony wrote:
>
> Has anyone attempted to achieve PCI compliance for an App Engine app 
> that transmits (without storing) cardholder data (e.g., Paypal's 
> "Payments Pro" version)?  I was just curious if anyone has had their 
> app scanned and passed, or if off-site payment processing (e.g. Google 
> Checkout) is the only option for e-commerce on App Engine.

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-appengine/-/UEys6D0k2kAJ.
To post to this group, send email to google-appengine@googlegroups.com.
To unsubscribe from this group, send email to 
google-appengine+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-appengine?hl=en.