
Sending the batch file in a PCI-compliant manner

Question asked by myusernamelpi on Feb 6, 2017
Latest reply on Feb 10, 2017 by lisa.graham


Is there a recommended way for preparing and sending the batch/session file(s) to Vantiv? What I mean is that according to PCI requirements, we can't simply render the constructed XML request to a temp file, and then [s]FTP that to Vantiv, since the PAN data can never be stored on disk unencrypted. The PCI spec states:

 

Render PAN unreadable anywhere it is stored (including on portable digital media, backup media, and in logs) by using any of the following approaches:

  • One-way hashes based on strong cryptography (hash must be of the entire PAN)
  • Truncation (hashing cannot be used to replace the truncated segment of PAN)
  • Index tokens and pads (pads must be securely stored)
  • Strong cryptography with associated key-management processes and procedures

 

It's almost as if we have to "stream" the file to Vantiv's FTP directory in-memory, to avoid writing the PAN to disk unencrypted.

 

Even if we're using a secure protocol, such as sFTP, PCI forbids us from writing the PAN to the file, even if it's temporary. That being said, what's the recommended way for preparing and sending a batch/session file to Vantiv?

 

We're using .NET, and have been leveraging the Vantiv .NET SDK (Developers | Vantiv).
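One way to do the in-memory "streaming" the question describes, as an added example that is not part of the original post and not Vantiv SDK code: the XML is written straight into an SFTP stream, so no temp file is created. It assumes the SSH.NET library (`Renci.SshNet`); the element names, host, user, key path and remote path are placeholders, not Vantiv's batch format or endpoints.

```csharp
using System.Collections.Generic;
using System.Text;
using System.Xml;
using Renci.SshNet; // SSH.NET NuGet package (assumed transport library)

// Hypothetical record type; the real batch schema is not shown on this page.
public sealed class BatchRecord
{
    public string OrderId { get; set; }
    public string Pan { get; set; }
    public string Amount { get; set; }
}

public static class InMemoryBatchUpload
{
    // host, user, keyPath and remotePath are supplied by the caller (placeholders here).
    public static void Send(IEnumerable<BatchRecord> records,
                            string host, string user, string keyPath, string remotePath)
    {
        var settings = new XmlWriterSettings { Encoding = new UTF8Encoding(false) };

        using (var key = new PrivateKeyFile(keyPath))
        using (var sftp = new SftpClient(host, 22, user, key))
        {
            sftp.Connect();

            // Create() returns a stream backed by the SFTP channel, so each
            // record goes to the encrypted connection and never to a local file.
            using (var remote = sftp.Create(remotePath))
            using (var xml = XmlWriter.Create(remote, settings))
            {
                xml.WriteStartDocument();
                xml.WriteStartElement("batch");          // placeholder element names
                foreach (var r in records)
                {
                    xml.WriteStartElement("sale");
                    xml.WriteElementString("orderId", r.OrderId);
                    xml.WriteElementString("pan", r.Pan); // PAN exists only in process memory
                    xml.WriteElementString("amount", r.Amount);
                    xml.WriteEndElement();
                }
                xml.WriteEndElement();
                xml.WriteEndDocument();
            } // XmlWriter is disposed first (flush), then the remote file is closed

            sftp.Disconnect();
        }
    }
}
```

Process memory can still reach disk through the page file or a crash dump, so this removes the temp file but does not by itself cover those paths.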
