Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: PCI and banks that use Akamai

From: Jeffrey Schiller <jis () MIT EDU>
Date: Mon, 14 Jun 2010 15:38:46 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/14/2010 03:33 PM, John Ladwig wrote:

Hm.  No reason a bank *would* use a PCI service, regardless of how
reasonable a thing that'd be from an infosec perspective.

And I think step 1 would still be 'understand Akamai's PCI service
offering and its relevance to the problem at hand," if it were cited
by a bank.


We should also be a bit careful here. In general PCI is all about
accepting credit cards as a form of payment. In particular PCI is
focused on credit card merchants. It is not really oriented toward
banks and generic banking transactions. I am not even sure that a bank
has to *be* PCI compliant.

I do not have any familiarity with Akamai's PCI service offerings, but
I suspect it is a high performance payment system, probably not a
generic "secure" platform.

- From my experience, I would expect that some banks "get it" when it
comes to IT security, and others do not. In particular I would be
concerned about small credit unions.

                      -Jeff

- --
========================================================================
Jeffrey I. Schiller
MIT Network Manager/Security Architect
PCI Compliance Officer
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room W92-190
Cambridge, MA 02139-4307
617.253.0161 - Voice
jis () mit edu
http://jis.qyv.name
========================================================================

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iD8DBQFMFoVG8CBzV/QUlSsRAm8nAKC6Zi2t8DyJePWHksPazbM/KmgDlwCgjGUN
sZFi+albvWaooDxdJvDt/LA=
=+ayn
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: