Security Basics mailing list archives
Re: PCIDS Standard
From: Security <security () ucw com au>
Date: Tue, 24 May 2005 09:55:02 +1000
Hi,

Go to MasterCard's web site and download all of the relevant documents. They include:

Overviews
Questionnaires for self assessment
etc.

The security standard you need to meet will vary depending on the amount of transactions you make in a month.
They have given everyone a very short time frame to play with and they also expect you to get a company like Verisign to perform an external audit (port scan) plus a few other tasks, again, depending on the amount of monthly transactions you make.
Custom software isn't a problem, as long as you have procedures in place, e.g., all filing cabinets with card information must be locked and key holders must sign a document.
As this is an ass-covering exercise on MasterCard's behalf, you will only have problems if your company is compromised and card info is taken. Then MasterCard will expect you to have the security standard, and if you don't, they charge you about $4 per card stolen or something similar.
I hope this is what you needed to know.

Regards,
Todd Cummings.

Richard Piedrahita wrote:
Hello:

This note is not to question the wisdom of the Payment Card Information Data Security Standard due to become effective on June 30 here. What I would like to find out is if this is something that the card companies are adopting and are pushing on down to their merchants (it looks like it is), or, is this another regulation/law somewhere that needs to be tracked and checked off as "Compliant" for all businesses that accept credit card payments of one sort or another?

Is there any information on how to identify which business software is in compliance with this standard (at least for small retail or restaurant like businesses)?

Thanks,
Rick.

Richard J. Piedrahita
Information Services
WCHS, Inc.
301-790-8902