Educause Security Discussion mailing list archives
Re: PCI Compliance for external e-commerce vendors
From: "j.price" <j.price () DOMAIL MARICOPA EDU>
Date: Mon, 12 Feb 2007 16:13:10 -0700
Kim,

When you are using a third party vendor, you request verification from them that they are PCI compliant. We request that of our vendors and make sure there is language in our contract that states who is responsible if there is a breach.

Janet

Kim Cary wrote:
Hi folks,

I'm trying to settle what we should do for PCI compliance with big external e-commerce vendors, e.g. Verisign.

PCI compliance scanning:
Do you scan their site (as you would an internal one)? Seems like a violation of their terms.
Do you scan the page you use to link to them (the one with NO CC inputs)?

PCI compliance documentation:
Are you certifying PCI compliance for the external e-commerce vendor if the only thing you are getting back from them is the masked CCN & a transaction ID?

Kim Cary, Ed. D.
Infrastructure Security Administrator
M-F 7-4 ~ 310 506 6655
--
Janet Price
Maricopa Online Student Self Services
2411 W 14th St
Tempe Arizona, 85281
(480)731-8730

100 years from now, it will not matter what my bank account was, how big my house was, or what kind of car I drove. But the world may be a little better, because I was important, in the life of a child. -Forest Witcraft