WebApp Sec mailing list archives
RE: PCI - Visa / MC / Amex merchant security standards
From: "Andrew van der Stock" <vanderaj () greebo net>
Date: Thu, 10 Feb 2005 00:06:33 +1100
Visa seems to be having some difficulties with that URL - it was fine for me earlier - I literally cut and pasted it. However, that doesn't work right now, hopefully Visa will have it back soon. The overall CISP program is here: http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp.html?it =c|/business/accepting_visa/index%2Ehtml|Cardholder%20Information%20Security %20Program%20(CISP) (URL wrapped - please concatenate on one line) If you are in the Asia Pacific Region (like me!), this link would serve you better: http://www.visa-asia.com/secured/ There are many more PDF documents in that URL, including how to conduct an audit, what an audit should contain, FAQ's, and advice for larger processors (ie merchants like eBay or major retailers). Also, I see you work for a bank. The above guidelines, although good solid security controls, do not really apply to issuing institutions. You need to contact your card services people (if it is not you :) and talk to them about the controls. Many of the controls should be adopted - particularly the change management and patch management ones, code reviews, regular auditing, etc. However, some of them, like not storing cc #'s and ccv's can't apply to issuing institutions as you generate these values for card holders. Good luck! Thanks, Andrew ________________________________________ From: Murli [mailto:obscured] Sent: Wednesday, 9 February 2005 11:06 PM To: Andrew van der Stock Subject: RE: PCI - Visa / MC / Amex merchant security standards Hi andrew - thank you for the info. I tried accessing the link you had provided but it threw up an error. Could you pls recheck the link and confirm. Thanks Murli
Current thread:
- PCI - Visa / MC / Amex merchant security standards Andrew van der Stock (Feb 08)
- <Possible follow-ups>
- RE: PCI - Visa / MC / Amex merchant security standards Andrew van der Stock (Feb 09)
- Re: PCI - Visa / MC / Amex merchant security standards Andre Ludwig (Feb 10)
- RE: PCI - Visa / MC / Amex merchant security standards Lyal Collins (Feb 12)
- Re: PCI - Visa / MC / Amex merchant security standards Andre Ludwig (Feb 10)