Python code execution
IBM® Safer Payments can feed data to external Python programs that are out of scope of IBM Safer Payments.
If you use external Python programs to store sensitive data outside of IBM Safer Payments, you must protect this data by fulfilling PCI DSS requirements 3.4.1, 3.5, 3.6, and all applicable subrequirements.
To help identify such cases, the IBM Safer Payments PCI DSS report warns you about model revisions (including challenger revisions) that use external Python programs that reference encrypted attributes.
Important: Python programs are run by the same user that runs IBM Safer Payments. The Python program has the same operating system privileges as that user. Therefore, the permissions of that user must be as restrictive as possible. The IBM Safer Payments user privilege to edit mandators must also be granted sparingly, because users who hold it can upload Python code into the application.
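One way to check how restrictive that operating system account is, as an added example that is not IBM code: run the script as the account that runs IBM Safer Payments, and it reports what any uploaded Python program would inherit. The privileged group names and the paths tested are assumptions to adapt to your own host.

```python
import grp
import os

# Assumption: group names that commonly grant administrative rights on Linux.
ADMIN_GROUPS = {"root", "sudo", "wheel", "adm", "docker"}

# Use effective IDs for the write test where the platform supports it.
_EFFECTIVE = os.access in os.supports_effective_ids


def audit_privileges(euid, group_names, paths):
    """Return findings for an account given its effective UID, the names
    of its groups, and a list of paths it should not be able to modify."""
    findings = []
    if euid == 0:
        findings.append("runs as root")
    for name in sorted(ADMIN_GROUPS & set(group_names)):
        findings.append(f"member of privileged group: {name}")
    for path in paths:
        # Missing paths are skipped: nothing there to modify.
        if os.path.exists(path) and os.access(
            path, os.W_OK, effective_ids=_EFFECTIVE
        ):
            findings.append(f"can write to: {path}")
    return findings


def current_group_names():
    """Names of the primary and supplementary groups of this process."""
    names = set()
    for gid in set(os.getgroups()) | {os.getegid()}:
        try:
            names.add(grp.getgrgid(gid).gr_name)
        except KeyError:
            names.add(str(gid))  # GID without a group database entry
    return names


if __name__ == "__main__":
    # Hypothetical paths a payment-scoring account has no reason to modify.
    protected = ["/etc", "/usr/bin", "/usr/lib", "/root"]
    report = audit_privileges(os.geteuid(), current_group_names(), protected)
    for line in report or ["no findings"]:
        print(line)
```

Any finding is a privilege that Python code uploaded by a user with the edit mandators privilege would also hold.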