BASE24 and PCI DSS Compliance – Briefing for QSAs

Much misinformation exists on achieving PCI DSS compliance in relation to the BASE24 payment application from ACI Worldwide. With no inbuilt encryption or tokenization of cardholder data, protection of the cardholder data is largely left to the customer. In many cases, the compensating controls used to satisfy Requirement 3.4 leave the organization’s cardholder data potentially vulnerable to inappropriate access. In many cases, QSAs who are not experts in securing HP NonStop servers allow these compensating controls, and the customer believes that their cardholder data environment is secure. This may not be the case.

Knightcraft Technology and comForte 21 have co-authored a Briefing for QSAs on BASE24 and PCI DSS compliance. Download it from here.