Lazada is handling credit card numbers (so-called cardholder data), so we need to comply with the PCI-DSS standard. At the moment we are far from being compliant. We need to perform a full-blown gap analysis and, in this context, identify all flows (business and technical) involving cardholder data.
If your team is handling such data in any way (electronic, paper, phone, etc.), please inform the PCI working group by sending an email to pci@lazada.com with at least the following information:
team name and email address.
owner of the process.
justification of the need.
description of access (who has access to what, which role).
the application(s) used to handle cardholder data.
the names of the servers/workstations handling cardholder data.
description of the flow(s).
the country of the venture it affects.
WARNING: starting 1st of September, any cardholder data flow detected will be considered a data leak and will be blocked. It will result in an investigation.
Cardholder data definition:
Full magnetic stripe or the PAN plus any of the following:
Cardholder name
Expiration date
Service Code