Educause Security Discussion mailing list archives

Re: PCI - Third party vendors


From: Emery Rudolph <erudolph () UMD EDU>
Date: Fri, 25 Jul 2014 16:54:36 +0000

No matter how many entities are involved in the chain of process that makes up your PCI transactional flow, there are 
really only two:

1) The customer

2) You as their vendor.

It doesn’t matter how many subcontractors there are in the mix, you are ultimately responsible for securing “your” 
customers’ data and thus you bear the responsibility for vetting proper PCI compliance from your vendor on down the line.

You will not escape retribution by pointing to the vendor if a breach occurs.

Very Best Regards,

Emery Rudolph, MS
Manager
IT-ETI-PS Enterprise UNIX Services
University of Maryland
(301) 405-9379
http://www.umd.edu


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Drake, 
Craig
Sent: Thursday, July 24, 2014 4:30 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] PCI - Third party vendors

We have a new coffee shop going into our library.  They are completely run by an external entity not associated with 
the university.  They want to connect their terminals to our university network (possibly wireless) to transmit their 
credit card transactions.  What do we need to be concerned with in terms of PCI compliance with them running this 
through our networks?

Thank you,
-Craig

Craig Drake

University Technology Services
Northeastern Illinois University
5500 North St. Louis Avenue, Chicago, IL 60625
Phone: (773) 442-4386
Email: C-Drake () neiu edu

www.neiu.edu


