Educause Security Discussion mailing list archives
Re: PCI- DSS Scope ?
From: Jason Testart <jatestart () UWATERLOO CA>
Date: Fri, 12 Jun 2009 12:40:50 -0400
Bill Badertscher wrote:
Is it correct to conclude that a university identification card becomes a financial transaction card when an ISO compliant primary account number is encoded on track 2 by the university to facilitate financial transactions? Further, do university systems become part of "merchant" systems by virtue of storing account numbers? It is not clear to me that outsourcing to a third party for payment processing exempts a university from PCI-DSS compliance. I'd be interested in university related case law that addresses the issue. Many thanks.
Depends who issued the PAN that is encoded into the university identification card. Is this a credit card number?
Current thread:
- PCI- DSS Scope ? Bill Badertscher (Jun 12)
- <Possible follow-ups>
- Re: PCI- DSS Scope ? Jason Testart (Jun 12)
- Re: PCI- DSS Scope ? Ken Rowe (Jun 12)
- Re: PCI- DSS Scope ? Megan Carney (Jun 15)
- Re: PCI- DSS Scope ? Michael Johnson (Jun 15)
- Re: PCI- DSS Scope ? Allison Dolan (Jun 15)